The Engineer Who Tried to Put Age Verification Into Linux

https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/

The lasting damage was knowing it could happen at all: that a single contributor with no stated organizational backing could submit compliance infrastructure for surveillance law directly into the software that boots your computer, get it merged by two Microsoft employees, and have the creator of systemd personally block the removal.

@Khrys

I don't understand what the fuss is about. This is exactly the right way to comply with that law: an optional birth date field. You don't want to have to submit an idea to your OS or implement facial recognition, and you certainly don't want to tie account creation to external services for those things, but now parents can fill in the birth date for their kids, and everybody else can ignore it. This kind of thing needs to be in the hands of parents, not external companies.

So I don't really see the problem here.

@mcv @Khrys
I do, it was done unilaterally without discussion.
Even if it was technically correct and maybe we need to look at this, a single person making the decision and forcing it into the code is not the way this should be done.

@julesbl @Khrys

But no single person can force this into the code, right? Someone submitted a PR, and two committers approved it, one of them the creator of the project, as far as I understand. If that's not good enough, then what is?

Of course discussion about this important, but can we do that without panic and fear mongering?

@mcv @Khrys
If you think that is a way that things are discussed and implemented then I guess that is all fine and dandy, yes three people implementing a change which affects millions, perfectly fine

@Khrys That programmer is a blueberry.

"We may not think we know anyone capable of torturing an inmate at, say, Guantánamo Bay, or helping ICE to round up people to deport, but I think we all of know someone who would fix the plumbing, or perhaps take pride in making sure the wifi worked properly at one of these detention centres. Be sure to give them a blueberry for me."

https://librecast.net/fluconf-2025/#good-people-doing-nothing

@Khrys Open source's entire threat model assumed contributors act toward user freedom. The surveillance state runs on volunteers: people who do the implementation work for free, out of genuine conviction, with no paper trail connecting them to the money that wrote the laws.

@Khrys

The lasting damage was knowing it could happen at all: that a single contributor with no stated organizational backing could submit compliance infrastructure for surveillance law directly into the software that boots your computer, get it merged by two Microsoft employees, and have the creator of systemd personally block the removal.

What the hell is the issue here? Do you need to be a member of an organization to submit a PR? And if the lack of organisational backing would be a problem, why is it a problem that the people merging it do work for an organisation? The only thing that matters is that an official committer approves it.

This whole article sounds like pointless fear mongering. If there's anything else to it that I'm missing, I'd love for someone to explain it.

@mcv @Khrys let's take it a bit further too. Nobody uses a pre-built systemd straight from upstream, every distribution is building and packaging it.

This seems very trivial to patch right back out and/or put behind a define. (I would actually be surprised if it wasn't like that, to make compliance with different jurisdictions easier).

@Khrys that's called harassment