Did the recent Linux drama change your views on how you perceived Open Source projects?

Artemis_Mystique@lemmy.ml to Asklemmy@lemmy.ml – 89 points –

I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to being confined within the policies of nations; I guess if one day the government of the USA starts to think that it's a security concern for China to use and contribute to core open source software created by its citizens or based within its boundaries, they might strongarm FOSS communities and projects to make their software exclude them in some way, or worse, declare GPL software a threat to national security.


Nope. Politics is part of being open source.

As for the US strong-arming, you don't have to be a US company for them to do that. RISC-V and ASML have been targeted by them in the past to prevent Chinese use.

RISC-V and ASML have been targeted by them in the past to prevent Chinese use.

Reading the broad points regarding RISC-V, I think my worst case scenario is apparently just the present day.

I've been contributing to open source for a year or so now and I've found the politics of projects affects contributions greatly.

Yes. There is an extremely arbitrary distinction made between the USA and Russia. Both are known for injecting spyware. China is somehow still okay? It makes no sense.

Not to mention the elephant in the room by not banning another certain country actively committing war crimes.

All software should be safety checked. Where the maintainer is from should be irrelevant.

But the most weird aspect is the timing. Why now and not a few years ago?

All part of the current US/NATO approved Overton Window, friend.

*Overton

Ha. Autocorrect strikes again! Fixed it, and thanks for pointing it out.

China is somehow still okay?

China is too important a supplier to the West. Sanctions against them would lead to retaliatory sanctions against the West from China which would be economically devastating.

Obviously they are just as dangerous and as actively involved in espionage as the other world players, but they hold too many cards to risk escalation. The West is also too important to their economy to escalate beyond war games. At least - we all hope so.

There is an extremely arbitrary distinction made between the USA and Russia.

Your world view seems to be highly influenced by propaganda. It's very easy to draw a distinction between these two countries. Let me start with an easy one:

Russia is a dictatorship, the US is a democracy.

US is a democracy

Lmfao

Modern Russia is a shitty liberal "democracy" just as incompetent as the US's

No, it's not. But the US is closer to it than some Americans think.

I see why some people block lemmy.ml. Many there put everything through a high-standard threshold function.

  1. You're replying to someone from db0

  2. Lemmy.ml is not the only place that believes the US isn't a democracy.

  3. The US is an oligarchy. It's one of the things agreed by philosophers, including my teacher. The current controversy in the left surrounding the elections obviously proves this point.

  1. Oops. That’s… interesting.
  2. Maybe, but we at least get to select which oligarchs we prefer. In Russia, you select from Putin, Pootin, and Puteen.

If you think the oligarchs in America are the people up for a vote, you're completely misunderstanding what you're being told right now.

The candidates up for a vote represent the different oligarchs at feud.

America: we need military bases all over the world to suppress their population and steal their natural resources. This is why Israel must grow to expand our foothold in the Middle East even at the cost of a genocide. We also overthrow democracies to replace them with authoritarian dictators when convenient to us.

You: Democracy!

People don't realize that the US founders explicitly modeled their new state on the Roman empire, with an expansionist aristocracy / slaveocracy controlling the state. The debates on this in the Federalist Papers are very explicit, as is the way they structured its government. Hell, even half the buildings in Washington DC are modelled after Roman architecture.

high-standard

If these mods here actually had high standards they would be banning the shitlibs on this thread

The commenter says as he repeats other propaganda.

The US is not and has never been a democracy. The US is an oligarchy.

Read The People’s History of the United States by Howard Zinn.

At best, it was for a while a Representative Democracy. Where people gave their vote to other people to vote for them.

The fact that most Americans think the US is not an oligarchy, today, is a testament to the power of the State and their corporate media to propagandize their own citizens. It is very rich for them to point to other countries' oligarchies and somehow absolutely fail to see their own. Or worse, call it some weird type of conspiracy to call out or point out reality.

I mean, it is not like it is not obvious if one takes a step back or two and looks at it objectively.

Your world view seems to be highly influenced by propaganda. A country ruled by two identical genocidal capitalist parties isn't a "democracy"; it's a capitalist dictatorship.

Any party genuinely wanting to advance working class causes will not be allowed to come to power through it (they won't be funded by the capitalist backers that fund/control the two ruling parties to begin with), and anyone in power that happens to hurt the country's imperial prowess will be disposed of by the ruling parties, the way JFK was assassinated for wanting to abolish the CIA and reduce US troops in the Middle East.

Read about Operation Condor, its actions, repercussions and the number of deaths due to it, and continue to pretend the USA follows Democratic Values™. And this is but one example.

They are just better at PR than most. You are walking proof of it.

A KGB spy and a CIA agent meet up in a bar for a friendly drink

"I have to admit, I'm always so impressed by Soviet propaganda. You really know how to get people worked up," the CIA agent says.

"Thank you," the KGB says. "We do our best but truly, it's nothing compared to American propaganda. Your people believe everything your state media tells them."

The CIA agent drops his drink in shock and disgust. "Thank you friend, but you must be confused... There's no propaganda in America."

Well yeah, how does the US being a democracy change the fact that they basically did almost everything that Russia did?

"basically"

You'll be surprised if you actually challenge your convictions.

I did, and I found that the US does WORSE shit than Russia sometimes.

Russia ain’t good. Neither is the US. Get your head out of your ass.

Heard about what Russia has been doing in the occupied parts of Ukraine?

Heard about what the US did in Afghanistan? US soldiers raped a LOT of children before and after murdering their entire families.

America JUST exited a decades-long war where the only results were death and destruction.

Tell me more about the US government requiring their soldiers to rape pre-teen girls then.

Or, you know, they really aren't the same.

Are you sure you want to compare how many wars the US has waged compared to Russia and how many people they've murdered each?

That commenter is doing you a favour by implying it's anywhere close.

The current Russian govt is not aligned with Soviet principles or ideology, right?

And the Stalin period saw the Soviets fighting and defeating the Nazis in WW2. Does the calculation of excess mortalities account for such effects too?
Nazi instigators punished, famine caused by the effect of war, infrastructure damage by the Nazis, deaths in Nazi occupied areas. These things don't seem to be discussed much.

Invasion of Vietnam.
https://en.wikipedia.org/wiki/United_States_in_the_Vietnam_War
https://en.wikipedia.org/wiki/United_States_invasion_of_Afghanistan
https://en.wikipedia.org/wiki/Guatemalan_genocide
https://en.wikipedia.org/wiki/CIA_assassination_attempts_on_Fidel_Castro
https://dessalines.github.io/essays/us_atrocities.html#sources--starting-points

https://en.wikipedia.org/wiki/Slavery_in_the_United_States

https://en.m.wikipedia.org/wiki/List_of_Japanese-American_internment_camps

And since the current Russia is seen as the extension of the Soviets:
https://en.wikipedia.org/wiki/Native_American_genocide_in_the_United_States

https://en.wikipedia.org/wiki/Great_Famine_of_1876-1878
https://en.wikipedia.org/wiki/Timeline_of_major_famines_in_India_during_British_rule

Which one is killing us faster? I'm pretty sure it's the USA. Nice that you get to live in a democracy I guess but that doesn't mean a damn thing to someone living outside the USA and being exploited and abused by it.

I'm in Sweden. The idea that the US is somehow more of a danger to us than Russia is laughable.

Russia invading is a statistical risk. The USA (as the leading avatar of capital) exploiting, degrading, and destroying the commons we need to survive is an unavoidable certainty. Russia and Sweden are also doing those things, but on a significantly lesser scale.

Maybe you should read the IPCC reports?

That's a lot to cover... I've learned so far that Russia is responsible for 4% of the world's CO2 emissions, and that emissions in Russia and Ukraine have decreased fastest of all countries since 1990. That the USA is responsible for 28% of all emissions that have accumulated since the Industrial Revolution, and that Russia has emitted 11%. Is there something specific you would like me to learn about?

In large part, it's simply a matter of scale and wealth concentration. If Canada was as large and wealthy as the USA, we'd probably all be cooked by now.

Climate change is not a risk to human survival. Please study the WG2 parts for the possible risks we're facing depending on when and how much action we take.

You're correct in that large parts of Russia don't have indoor toilets and proper sanitation. Not sure that's a positive.

Aaaaah hahahahaha i wish i could see your face while you were typing out this "lesson" omg. Sheeeeheehee i can't, i can't! were you proud of yourself when you hit reply, like "aw yeah gottem"?

Those kinds of problems aren't particularly new (PGP comes to mind as an example, back when you couldn't export it out of the US), but it's a reminder that a lot of open-source comes from the US and Europe and is subject to Western nations' will. The US also apparently thinks China is "stealing" RISC-V.

To me that goes against the spirit of open-source, where where you come from and who you are shouldn't matter, because the code is by the people for the people and no money is exchanged. It's already out there in the open; it's not like it will stop the enemy from using the code. What's also silly about this is that if those people were contributing anonymously under a fake or generic name, nothing would have happened.

The Internet got ruined when Facebook normalized/enforced using your real identity online.

The Internet got ruined when Facebook normalized/enforced using your real identity online.

They now encourage fake accounts. It has made moderating groups somewhat harder.

It wasn't a culture shock but it made something obvious that sometimes gets forgotten. The "Open" just means that one can look at the source code and copy it to make a new version. There is no obligation of the original creators to support things outside of what they want/can do.

It just shows how hypocritical and Western-biased the community is. Are Israeli and US maintainers ever going to get kicked out of projects for their countries' many crimes? No, of course not; they would never apply their own standards to themselves, which defeats the point of them in the first place.

Not really, open source projects don't necessarily have to be open to all contributors and I was aware of this already. They have to be open to anyone doing what they want with the code, by definition, which is good, but they don't have to allow everyone to contribute to upstream. I'm not sure if there's any particular defence against this being used in a discriminatory manner, but I do think this effect is significantly mitigated by the decentralised nature of open source and the fact that it's not too uncommon for forks to become preferred over the original, the fact that open source projects rise and fall in popularity, etc.

I wonder if there's some way to manage an open source project so that it's not subject to particular national laws in this way.

It's not decentralized on the level of project development, the visible proof of which is what we've seen happen.

How many times have you seen two branches of a significant project coexist with comparable popularity?

I wonder if there’s some way to manage an open source project so that it’s not subject to particular national laws in this way.

Yes. Pseudonymous software development. I've seen Ross Ulbricht's name today, so we also know the risks.

Naturally this is closer to some underground warez than to copyleft, because the legal ways of protecting copylefted information against appropriation will not be available. A different paradigm.

Is this really Linux drama though? It seems more like political drama that ended up jizzing on Linux.

I mean, yeah, there's been drama after the decision was made based on legal issues brought about by political drama, but this part of it isn't, if you get the distinction.

The only real linux drama part, as far as I can see is the crappy way it was announced, which isn't what most of the people involved in the drama after the fact are complaining about.

I dunno, I'm not complaining about the post here, just talking about the overall issue itself using the post as a jumping point.

Anyway, I guess what I'm getting at is that foss development can't be immune from political fuckery (no matter how justified or unjustified it is). Everyone that's going to be involved in development is going to live under some nation's thumb, and is vulnerable to any legal ramifications of that nation. So there's no way to prevent a project being strongarmed; all that's possible is having enough people that can review the code do so, so that any fuckery that affects the project is known, so that everyone can decide what they want to do about it as individuals.

As long as individual people have the ability to use any foss software they want on their own devices, there's a limit to how bad the fuckery can get. Tbh, I'm more worried about corporate fuckery in foss projects than governmental.

Linux at this point is an absolutely critical part of the information infrastructure our world is built on. It's not just a few nerds in basements cobbling together code. Safeguarding this infrastructure against bad actors is absolutely crucial for everybody's safety. Unfortunately we're going to see more of this kind of stuff in an increasingly polarised world.

Depending on industry, 60-80% of all servers, globally, are running on Linux. So yes, we are not going away.

Israelis are more known for putting backdoors wherever they can than Russians, for example.

Anyway, nation-states are not the only kind of group with malicious interest. Maybe a maintainer is a member of some mafia, I dunno. How are you going to know this?

Many things can be done with FreeBSD. Again, in our time it may get some popularity again not because of such events even, but because of their possibility and to avoid monoculture (in the context of backdoors too).

Open source means open source, I never assume anything else from open source projects.

Well, in theory open source is immune to all that. However, the country a project is registered in matters. That's why the RISC-V project, for example, moved its headquarters from the US to Switzerland. For that exact reason: so no country could strong-arm it, especially since the Chinese were the major contributors to the project (Switzerland is not 100% neutral, but it's more neutral than other countries).

Yes. If FOSS projects bend the knee to shitty laws just because “they are the law”, then FOSS is free labor for corporations with no gains for the people.

That's the point of FOSS as copyleft, to use the law to protect "free and open" information. This allows bigger projects, because contributors don't have to keep their heads down.

At the same time maybe this is a downside, not an upside. As the reason why it has all gotten so big and complex and corporate-influenced.

It really is. Relying on a government's good will to protect people's best interests may be the point of failure of FOSS. I hope not, but I'm less and less optimistic about the future.

The usual consequences to not following the law are not in your favor.

If your goal in contributing to FOSS is to go to prison, there are a lot better avenues to achieve that.

Laws aren’t always right and governments don’t always do the best either for the world or for its citizens. Open source projects and corporations shouldn’t rely on any government, they shouldn’t do the bidding of governments — either “good” or “bad” — and should act in people's best interests.

Of course this is a pipe dream and what we got is more free work for companies with none of the benefits.

I don't understand why you think "avoiding prison" equals free work for companies. The individuals contributing to open source are subject to the same laws we're discussing in this thread, and are the ones that would actually be getting consequences.

No one exists without a government, and that's not even a pipe dream, it'd be societal collapse.

Because FOSS stands for both free software and people’s freedom. No one exists without a government except for external forces that are stronger than the government itself (lobbying is a way to strong arm a government), but this is another matter entirely.

FOSS organisations should exist outside a government because governments are easily corruptible, which has happened again and again throughout history and is slowly happening right now. And obeying the law so as not to be thrown in jail is a nice argument, yes, and a shitty one at that: imagine how good it would have been for a German citizen to abide by the government's rule during the Nazi period. This doesn’t mean either that they shouldn’t follow any laws, but that, much like any international organisation, they should be subject to international laws agreed on by multiple nations.

Which is essentially the crux of the matter: as long as FOSS projects work within the framework of a government (the US), the project can be easily hijacked and turned into something that goes against people's interests. What are the people's interests? In short, the minimum denominator is equality, freedom to speak, and a right to privacy.

If FOSS projects do have to follow a government’s laws, then contributing to one is free work for corporations: laws can be changed and a democratic society can turn into a non-democratic entity, with laws that restrict the freedom of its citizens; in the EU they are trying to pass a “chat control” law to make cryptography useless [by adding a back door], and while I believe it won’t pass, it’s no doubt a worrisome sign. At the end of the day, who would benefit the most from FOSS but companies, which do so already?

And to reiterate: sometimes it’s better to be thrown in prison than to send someone else to their death.

Which corporation are you talking about here?

Nearly every single corporation with an online presence uses free software from the foss community.

What happened this time?

Edit, answered elsewhere:

Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven’t looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).

It's basically the same as me not installing that Flappy Bird copy because the dev is Russian. I don't trust it, even if the code is available to review.

We also learned a lot about trust with that file zip software a year or so ago. I don't remember the details of that, but open source doesn't automatically mean secure.

One of the big weaknesses of open source is the same as democracy. Nobody has time to review every piece of code (or research and hold accountable every politician) which leads to risks.

How is that weakness different to installing closed source software?

It's a different risk vector. While companies want your information to sell, they don't want to take over your computer to use it in a botnet or steal your bank information and clean out your account.

Open source by its very nature relies on a lot of people having good intentions, free time, and knowledge for it to work well and safely.

Actually - a lot of closed source programs are still vulnerable to the supply chain attacks you mention, where a bad actor has got access to their codebase. This has happened and been reported on, plus, I'm sure, there have been plenty of occasions where it was hushed up for reputational reasons. And - much commercial software still uses FOSS dependencies, so it is also vulnerable to the same situation you describe for that. Worst of both worlds.

I don't think either system is inherently better than the other in terms of computer security. Each has different and overlapping vulnerabilities.

And it's why people stress to death that documenting is important. Even if you may not have time to review every single piece of code, it wouldn't hurt to leave footnotes as to where someone could take said code to pick up from where it left off.

If you leave somebody with nothing then it's dead code.

Absolutely that's always good. I was talking more about someone intentionally adding malicious code though.

Just this one. The philosophy is still there, Linus and TLF have abandoned it with great hubris. I am very disappointed in them.

I'm thinking about that conspiracy theory of Linus having been made an offer one can't refuse, when some time ago he took a vacation and returned with news about seeing the error of his ways.

It almost coincided with Stallman being canceled for one of his usual highly socially unacceptable, but in principle consistent opinions. With most of the attackers being frankly some new random corporate-associated people, not very active in real communities.

Maybe I'll re-read J4F and compare Linus from there to these events. Canary and all.

EDIT: Before you downvote this for the mush in my head (thx Linus) propagating conspiracy theories, offers one can't refuse are not exactly an impossible thing. And WWII radio games, where, having captured an enemy station's operator, one of the sides could either imitate their style in transmissions or just force them to transmit what it wanted.

I mean, he has accepted a position as a luminary at the x86 ecosystem advisory group, the most dominant and proprietary instruction set ever, formed by companies with a vested interest in keeping it in use and preventing competition (RISC-V & ARM) from catching up.

Yes, bad actors can exist everywhere. This doesn't really help anything but fragment the project and harm it. Do we need multiple directed forks? Fuck no. It will be best if everyone can monitor and contribute. I kind of think of it as they do peer reviewing in research and shit: it's always better when more people can view it, which will leave less room for bias and frankly detect bad actors easily.

Not really, since open source is most of the time still the best option, and you can't really control open source since there is always the option to fork things. (For example, if the US decided that China is a no-no, the open source community in the EU or India can do what they want since it is not under their jurisdiction.)

But then the project loses momentum and the userbase fragments; open source projects are fragile as they are mostly volunteer work. I guess the threat of government overreach towards open source projects is mostly discussed in the context of cryptocurrencies and other 'disruptive' software.

Same here. For now it's only barring contributors which won't harm actual users much, but that could change in the future with the precedent this is setting.

What's the point of "FOSS" at that point if it's not so different from corporate products, being similarly vulnerable to sanctions? I could see genuine free software being relegated to piracy communities if it goes that far.

FOSS gives people the option to take the original code and create their own version of it in case they don't like what the original maintainers are doing. With closed source you would be stuck and would have to look for something new.

This shows that no open-source project can really be directed from the US, or if they are then a fork should exist and be maintained by BRICS citizens who are obviously viewed as lesser, at least in the Linux project.

Unfortunately no.

I remember the SELinux controversy and the NSA trying to slip bad algorithms in.

So, like, what happened?

Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven't looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).

As per usual, the discussion of the Linux drama far exceeds the actual drama. I'm guessing most of those people will still contribute.

Nothing is devoid of global politics.

Russian maintainers were unceremoniously kicked out citing compliance issues.

If someone really wants to use the contribution of the expelled maintainers they can just make their own fork. Part of the Free in FOSS is the freedom to associate or not associate with contributors.

I get that it's a nice daydream to think of open source projects as existing in some kind of independent, ethereal vacuum just because the code is out there and accessible from any place on Earth. But every software project is (mostly?) dependent on the jurisdiction of one country, in this case the US, and so their laws about sanctions and so on apply. And yes, this means that unless conflicts/wars between nations happen to cease, we will eventually have completely separated blocs of politics/culture/military and also IT. Globalization is over. China will have their own stuff, Russia will have their own stuff, and US+EU will have their own stuff. And none of those countries should continue using high-tech products made by the other because they could be sabotaged and it might be hard to find, so it's best to not use them at all and just cook your own stuff. It's unfortunate, but bound to happen in the current state of the political world.

Yes. I always thought of sanctions as being finance-related, meaning you can't transact with sanctioned groups. I figured it couldn't apply to decision-making/membership in non-profit organizations (that it might somehow violate "free speech" or some shit). Finding out this is not the case is terrifying and one more reason to hate the US (not that we needed more). This might disincentivize some people to contribute to FOSS.

I think the prestige of "maintainers" and contributions/control are what is being torn down. Anyone anywhere is still welcome to contribute, they are simply limited from direct control. They can still fork at any time, anyone can. Getting people to follow your fork is another thing entirely, and your open source code will still likely be incorporated directly or indirectly. The only thing that has changed is the misguided prestige that has grown around the project and is not a required or relevant part of the project as a whole.

I'm out of the loop, what's the recent Linux drama? If you don't wanna type it out, you can point me in the right direction. Thanks. :)

Torvalds kicked out a bunch of Russia-based kernel maintainers.

For additional context, this was not a choice, but a requirement. The Linux Foundation is US based, and Torvalds is a US citizen. This was required due to current US sanctions against Russia, and was not just some sort of "Russia bad" thing from Torvalds that a lot of people are framing it as.

and was not just some sort of "Russia bad" thing from Torvalds

The way he announced it and responded to the critics very much made it seem like that. He legitimately needs to shut the fuck up and get a PR person to talk in his stead.

this was not a choice, but a requirement

It has been framed as such, but no evidence has been given that it was a requirement.

Hasn't changed my view much. I already knew Linux was a company that has a legal presence in the US and so would be subject to their laws. The only real surprise is that it's taken so long to action this particular set of sanctions.

I do think the announcement was poorly handled - it should have been explained either before or immediately afterwards to cut back on the conjecture. The git notice only said that these contributors' names had been removed from the credits, not that they'd been stopped from contributing completely. Any company, including Linux, that does something they know is going to be contentious like this should bloody well get ahead of that curve and put the facts out.

The world is at war. It's not a bloody world war as we've seen before, but it is nation against nation by other means. FOSS is used so widely it is absolutely a target and nobody can be so idealistic that they cannot see the conflict, nor not know that it's constantly being attacked. Where you live does matter. I wish that wasn't the case - I truly do, but it's naive in the extreme to pretend otherwise.

This wasn't a decision made based on sanctions, it was just an excuse given but no actual evidence of Linux being required to act on them was ever given.

Why do you think Linus is not being truthful?

Other countries are similarly sanctioned, and hundreds of maintainers from those sanctions are still there. So the sanctions thing is absolutely just an excuse.

What Linus just did to Russians is scaring a lot of people right now, who are probably wondering if they should keep working in association with a project which has just demonstrated its unreliability.

From what I understand this wasn't a decision dictated by sanctions, nor was there any strongarming. Otherwise it would've happened way earlier.

I also think splitting politics and literally anything else doesn't work and is something people who benefit from the discussion (or lack thereof) made up.

I just wanted to say that I have the same questions, and it's a relief to see it posted by someone with more courage. I'm too ignorant to contribute to the discussion though. I don't know how a government or private entity could pressure a FOSS project in this way, unless that pressure was put on the project's git platform. At which point the repo just moves elsewhere.

FOSS does not mean:

  • Community owned: Linux is owned by the Linux Foundation, a legal entity of the United States and subject to its laws.
  • Obliged to accept all contributions: The owner is free to accept or reject contributions for any reason.

Nothing changed except some people are no longer responsible for maintaining parts of the source tree. Their delegated power to accept contributions was removed. They can still propose changes, but they will be reviewed by others who aren't at risk of Russian state influence.

This isn't saying they've done anything wrong, or that they are currently under state influence, but now that they no longer have maintainer privileges the chance of the FSB knocking on their door has probably dropped 90%.

I'm not concerned that they followed the best advice of their lawyers to respond to the legal and political challenges that currently exist.

I am concerned that hostile nation states (define those as you will) have made supply chain attacks (remember the xz Utils backdoor) so common that actions like this or worse are becoming necessary and that open source, globally contributed software could be at risk.

This does very little to protect against supply chain attacks.

Your example shows that too.

Increasing modularity and reducing complexity of software seem to be the right way to that end. Plan9, GNU Hurd, Minix3 are interesting in that context.

People are just waking up to the fact that theory isn't reality.

Everything, be it software or anything else, is beholden only to whoever is the highest bidder. Being FOSS doesn't change anything. This has been true for some time now: Linux and TLF are duty bound to businesses running it.

It had been covert till now; it is the overtness of this action which is surprising to most. I for one am surprised it didn't happen sooner.

It's banning contributors but not contributions themselves. So there must be inconvenient but somewhat effective workarounds. That could be fun to see unfold.

Although why would anyone from Russia even consider helping a project which sees them as lesser?

But that's not what happened. If the lawyers are saying that some open source groups can't work with open source groups in Russia, as Linus indicated, that doesn't mean either group dislikes the other group. I don't think this is a question of animosity.

Certain Open Source movements are pure bigotry and opportunism, the Linux Kernel / The Linux Foundation for example, so it doesn't really make me wonder.

If you are having sensitive information stored using closed-source software/OS, you can stop reading right here. This is your biggest vulnerability and the best thing you can do is to switch to FOSS.

For those that have already switched:
It made me think about how to improve the resistance of large FOSS projects against state-sponsored attackers injecting backdoors.

The best thing I came up with would be to have each contribution checked by a contributor of a rival state. So a Russian (or Chinese) contributor verifies a contribution by an American.
The verifying contributors would have to be chosen at random in a way that is not predeterminable by an attacker, otherwise a Chinese-state contributor will contribute harmless code until the next verifier will be a US-based Chinese spy. Then they will submit a backdoor and have it checked by an American citizen paid by China.
Also the random number generator has to be verifiable by outsiders, otherwise a spy in the Linux-Foundation can manipulate the outcome of choosing a favorable verifier for a backdoor.

This can obviously only be done as long as there are lots of contributors from rivaling states. If the US decided that Linux can only allow contributors from USA/EU, then this model cannot work and Linux would have to relocate into a more favorable state like Switzerland.

What one should keep in mind is that even if the US would ban all foreign contributions and the foundation would not relocate, Linux would still be more secure than any closed source OS, as those foreigners can still look at the code and blow the whistle on bugs/backdoors. It would however be much more insecure than it is now, as the overhead for finding bugs/backdoors would be much larger.
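A sketch of the cross-jurisdiction verifier assignment described in the comment above, as an added example (not code from this thread, the Linux project or any real review tool). It assumes a public randomness beacon whose value is published only after the patch digest has been committed, so neither the author nor whoever runs the selection can steer the choice; the reviewer pool, the patch and the beacon value are constructed sample data, and the jurisdiction labels are placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Sequence


@dataclass(frozen=True)
class Reviewer:
    handle: str
    jurisdiction: str  # placeholder label for the state the reviewer is subject to


def eligible_pool(reviewers: Sequence[Reviewer], author_jurisdiction: str) -> List[Reviewer]:
    """Reviewers from a different jurisdiction than the author, in canonical order.

    Sorting by handle makes the list identical for every party that recomputes it,
    which the verification step below depends on."""
    return sorted(
        (r for r in reviewers if r.jurisdiction != author_jurisdiction),
        key=lambda r: r.handle,
    )


def selection_seed(patch_sha256_hex: str, beacon_hex: str) -> bytes:
    """Derive the selection seed from a public beacon value and the committed patch digest.

    Assumption: the patch digest is published before the beacon round exists. The author
    therefore cannot grind patch variants to land on a friendly verifier, and the party
    running the selection cannot pick a beacon value it likes."""
    return hmac.new(bytes.fromhex(beacon_hex), bytes.fromhex(patch_sha256_hex), hashlib.sha256).digest()


def choose_reviewer(reviewers: Sequence[Reviewer], author_jurisdiction: str,
                    patch_sha256_hex: str, beacon_hex: str) -> Reviewer:
    pool = eligible_pool(reviewers, author_jurisdiction)
    if not pool:
        # The failure mode from the comment: no rival-state reviewer, no cross-check.
        raise ValueError("no reviewer outside the author's jurisdiction; cross-check impossible")
    seed = selection_seed(patch_sha256_hex, beacon_hex)
    # 256-bit seed modulo a small pool: the modulo bias is negligible.
    return pool[int.from_bytes(seed, "big") % len(pool)]


def verify_selection(reviewers: Sequence[Reviewer], author_jurisdiction: str,
                     patch_sha256_hex: str, beacon_hex: str, claimed: Reviewer) -> bool:
    """Any outsider with the public inputs can recompute the assignment and check it."""
    try:
        return choose_reviewer(reviewers, author_jurisdiction, patch_sha256_hex, beacon_hex) == claimed
    except ValueError:
        return False


# Constructed sample data: not real contributors and not a real beacon output.
SAMPLE_POOL = [
    Reviewer("alice", "US"),
    Reviewer("bob", "US"),
    Reviewer("chen", "CN"),
    Reviewer("dmitry", "RU"),
    Reviewer("eva", "EU"),
]
SAMPLE_PATCH = b"--- a/net/foo.c\n+++ b/net/foo.c\n@@ constructed patch body @@\n"
SAMPLE_PATCH_DIGEST = hashlib.sha256(SAMPLE_PATCH).hexdigest()
# Stand-in for a beacon round published after the digest above was committed.
SAMPLE_BEACON = hashlib.sha256(b"constructed beacon round 4711").hexdigest()


def demo():
    author_jurisdiction = "US"
    chosen = choose_reviewer(SAMPLE_POOL, author_jurisdiction, SAMPLE_PATCH_DIGEST, SAMPLE_BEACON)
    ok = verify_selection(SAMPLE_POOL, author_jurisdiction, SAMPLE_PATCH_DIGEST, SAMPLE_BEACON, chosen)
    return chosen, ok


if __name__ == "__main__":
    reviewer, ok = demo()
    print(f"verifier for this patch: {reviewer.handle} ({reviewer.jurisdiction}), verifiable={ok}")
```

The ordering matters more than the hash function: if the seed depended only on the patch content, an author could keep tweaking whitespace until the selection landed on the verifier they wanted, which is exactly the predeterminable outcome the comment warns about. Binding the choice to a value that did not exist when the patch was committed, and letting anyone recompute it, closes that gap.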