• 0 Posts
  • 2 Comments
Joined 1 year ago
Cake day: December 24th, 2023

  • The whole point of open source was that you can see the code and the commits. We don’t need to trust anybody. I feel like banning contributors is just contradicting one of the key benefits of open source.

    Wouldn’t it be the right thing to just improve the security and vetting of commits to the kernel? After all, it’s the Linux Kernel.

    Besides, there is the idea that employed developers with a Russian day job are a risk… but one fails to consider that these were the honest ones who declared their day job. Does the threat modelling end there?

    What would you do about people who… lie online about where they work? (I know it’s impossible but bear with me).

    I feel like properly vetting commits to the kernel that does not involve the core contributors and maintainers too much is the way to go. (Tests, dedicated resources, more time in review, commit to a staging branch and ask the world’s foremost hackers to find vulnerabilities, etc)