Official statement regarding recent Greg' commit 6e90b675cf942e from Serge Semin
Hello Linux-kernel community,
I am sure you have already heard the news caused by the recent Greg' commit
6e90b675cf942e ("MAINTAINERS: Remove some entries due to various compliance
requirements."). As you may have noticed the change concerned some of the
Ru-related developers removal from the list of the official kernel maintainers,
including me.
The community members rightly noted that the quite short commit log contained
very vague terms with no explicit change justification. No matter how hard I
tried to get more details about the reason, alas the senior maintainer I was
discussing the matter with haven't given an explanation to what compliance
requirements that was. I won't cite the exact emails text since it was a private
messaging, but the key words are "sanctions", "sorry", "nothing I can do", "talk
to your (company) lawyer"... I can't say for all the guys affected by the
change, but my work for the community has been purely volunteer for more than
a year now (and less than half of it had been payable before that). For that
reason I have no any (company) lawyer to talk to, and honestly after the way the
patch has been merged in I don't really want to now. Silently, behind everyone's
back, bypassing the standard patch-review process, with no affected
developers/subsystem notified - it's indeed the worse way to do what has been
done. No gratitude, no credits to the developers for all these years of the
devoted work for the community. No matter the reason of the situation but
haven't we deserved more than that? Adding to the GREDITS file at least, no?..
I can't believe the kernel senior maintainers didn't consider that the patch
wouldn't go unnoticed, and the situation might get out of control with
unpredictable results for the community, if not straight away then in the middle
or long term perspective. I am sure there have been plenty ways to solve the
problem less harmfully, but they decided to take the easiest path. Alas what's
done is done. A bifurcation point slightly initiated a year ago has just been
fully implemented. The reason of the situation is obviously in the political
ground which in this case surely shatters a basement the community has been built
on in the first place. If so then God knows what might be next (who else might
be sanctioned...), but the implemented move clearly sends a bad signal to the
Linux community new comers, to the already working volunteers and hobbyists like
me.
Thus even if it was still possible for me to send patches or perform some
reviews, after what has been done my motivation to do that as a volunteer has
simply vanished. (I might be doing a commercial upstreaming in future though).
But before saying goodbye I'd like to express my gratitude to all the community
members I have been lucky to work with during all these years.
While I understand that the manner in which your removal from the Linux kernel maintainer list was handled may feel frustrating, there are much larger issues at stake here. The fact that you would leave a project you claimed to have volunteered for "in good faith" as soon as your country’s role in a horrific war of aggression comes into question is deeply troubling.
Let’s be clear: Russia’s invasion of Ukraine is an unprovoked act of war, involving systematic atrocities and crimes against humanity. No matter how you frame your individual involvement as a contributor to open-source projects, by remaining silent and failing to stand against the actions of your government, you and others in Russia are complicit. You cannot separate your personal or professional activities from the larger geopolitical realities—especially not when your country is committing genocidal acts.
Furthermore, the issue of trust cannot be overstated. The Linux Foundation and broader open-source community depend on trust and collaboration. With Russian state-sponsored espionage, cyberattacks, and covert operations frequently targeting Western infrastructure, it’s impossible to ignore the risks associated with contributors from a country that has made subterfuge and disinformation a central part of its strategy. How can the community trust that your contributions are made in good faith when so many Russian actors have been implicated in espionage and manipulation efforts?
The Linux Foundation does not exist in a vacuum. It stands for more than just code—it represents the principles of openness, transparency, and ethical responsibility. Allowing contributions from individuals tied to a state engaging in war crimes sends the wrong message. It would compromise the integrity of the entire community.
As for the comparison to U.S. support for Israel, the situations are entirely different. The U.S. is not driving soldiers into Gaza to kill Palestinians. While we provide material and military support to Israel—largely aimed at combating Hamas, a recognized terrorist organization—that is not the same as directly engaging in the conflict. The idea that the U.S. is the sole proprietor of the war in Gaza is absurd and fueled by Iranian and other hostile propaganda. The U.S. government has not declared war on Gaza, and no congressional vote has sanctioned such an action.
It’s important to note that U.S. policy toward Israel has been consistent for decades, across multiple administrations. The complexities of this relationship go far beyond any single conflict or war. Furthermore, while atrocities committed by any state must be condemned, we are not responsible for every action taken by Israel, just as Russians like yourself should not dismiss your government's role in the atrocities being committed in Ukraine.
In the end, it's about accountability. You chose to walk away from the Linux community because of a necessary and justified action aimed at holding people accountable for their involvement, directly or indirectly, in a war of aggression. Your departure speaks volumes about where your priorities and loyalties truly lie.
What you think Americans are some kind of hypocrites who are all talk but really stand for nothing?
If your comment was true all true patriot Americans would be staging a revolution. And definitely not advocate to vote for the people perpetrating those brutal war crimes.
Purging of contributors just because they originate from a country is not how leadership of an open source project should act. Really sad to see.
This isn't about "purging contributors just because they originate from a country"—it's about addressing real security risks and complying with international sanctions. Open-source projects, especially something as critical as the Linux kernel, don’t exist in a vacuum. They are part of a global infrastructure that is deeply intertwined with national security and legal obligations.
Russia's actions on the global stage, from its involvement in cyber warfare to the invasion of Ukraine, have resulted in widespread sanctions for good reason. When individuals or organizations tied to sanctioned entities are involved, it becomes a matter of compliance and risk management, not arbitrary exclusion. The leadership of open-source projects has a responsibility to protect the project’s security and integrity, especially from potential threats that are well-documented.
It’s unfortunate that good contributors are caught in the crossfire, but that's a consequence of the political reality created by Russia's actions. The Linux Foundation, being U.S.-based, has to comply with these sanctions, and more importantly, must take steps to safeguard critical infrastructure from potential compromise. It’s not about nationality—it's about mitigating risks and ensuring compliance with international laws. That’s just how responsible leadership works.
Saying "Infosec reasons, allegedly" is not only dismissive but also incredibly irresponsible given the current global security climate. There’s nothing “alleged” about the cyber threats posed by Russia. The evidence is overwhelming, documented, and spans decades of hostile actions across Europe and the U.S.
Russia has engaged in full-scale cyber warfare against Western infrastructure, ranging from the NotPetya attacks that caused billions in damages, to election interference in multiple countries, and the continuous disinformation campaigns meant to destabilize democratic institutions. In the cybersecurity world, you don’t wait around for damage to occur before addressing vulnerabilities—prevention is key. It’s not "alleged" when we have mountains of evidence of Russian cyber operations targeting everything from defense industries to healthcare systems.
Your dismissal of the very real "infosec reasons" undermines a fundamental understanding of modern cybersecurity. Espionage, sabotage, and cyberattacks aren't just hypothetical scenarios; they are ongoing, constant threats. By brushing off legitimate concerns with a sarcastic "allegedly," you're either willfully ignoring these realities or grossly underestimating the scale of the issue. Russia has weaponized the digital space, and whether you like it or not, contributions to critical open-source projects like the Linux kernel are absolutely a potential vector for compromise.
When you throw around "allegedly" as if these are mere conspiracy theories, you demonstrate a lack of understanding about how covert operations work. They don’t come with red flags and announcements—they rely on subtlety, deception, and exploiting weaknesses in systems, both technological and human.
Infosec concerns are serious. They aren't alleged. They are proven, documented, and ongoing. If you don't see the logic in taking proactive steps to secure critical infrastructure projects from a country that has made espionage and cyber warfare a cornerstone of its foreign policy, then you're missing the bigger picture entirely. The Linux kernel is too important to global infrastructure to take any risks, and infosec reasons are very much real, not some "alleged" excuse.
I understand the sanctions part and wanting to head off any potential state interference with projects like this, but "infosec reasons" feels very hand wavy.
I think I'd be a lot more comfortable if we had seen malicious/bad faith actions/communications or maybe some more specific and tangible reasons to suspect them being compromised on the part of the Russian maintainers before they were just removed.
That's not what happened. There are still Russian contributors. Just the onces that have in some way (maybe indirectly) ties with the Russian government have been removed.