[-]

JamzTyson@reddit

Project forward a few years to a possible scenario where a hundred jurisdictions around the world create their own requirements for what anti-privacy measures an OS must employ. How will that work, or are we only concerned with a few US states?

[-]

aliendude5300@reddit

That'll be a fucking mess. Probably have to store different info per geography.

[-]

Heyla_Doria@reddit

Debian manque de courage

Ils en ont assez pour être élitistes et nous dire qu'on est pas assez intelligent , meme quand on les soutiens depuis 20 ans

Mais face a de véritable combats, ce sont des colabos 🤷‍♀️

[-]

7lhz9x6k8emmd7c8@reddit

Commentaire dans le sens des autres mais qui se prend des downvotes rageux parce que les linuxiens des ÉUA savent quitter vim mais pas utiliser de traducteur, et sont aussi arrogants que les politiciens qu'ils critiquent.

[-]

cyb3rofficial@reddit

Just ship with out it, if user indicates they are in a certain location, download a package that enables it. Not that difficult. People will just make a bypass for it anyway, or fork the build process and just remove it. Why destroy their likability over a few people's bad decisions. I could careless about it, majority if not everyone will be born January 1, 1970, at 00:00:00 UTC.

[-]

arwinda@reddit

download a package

For a fair share of users even the existence of such a package is three steps too far.

[-]

Dr_Hexagon@reddit

which is ridiculous because the option to store a birthday field in an LDAP central directory for user accounts has existed for over 20 years.

People need to understand that complying with the law does not mean you agree with the law. It's possible to implement what the law requires and also lobby against the law.

[-]

SiteRelEnby@reddit

which is ridiculous because the option to store a birthday field in an LDAP central directory for user accounts has existed for over 20 years.

Nice false equivalency there.

I don't use fucking LDAP
If I did, I could lock it down so random fucking websites and programs aren't requesting it

[-]

Dr_Hexagon@reddit

And you'll also be able to remove whatever age / birthday field Debian adds (if they do). Or just set it to 01/01/70

[-]

SiteRelEnby@reddit

Bold of you to assume I'll keep using debian if they start complying in advance.

[-]

Dr_Hexagon@reddit

Well you better start looking for a new distro then. Debian is highly used for enterprise systems and their corporate sponsors include Google and Amazon. Those companies are likely going to ask Debian to comply.

I don't like it but the debian devs deserve to get paid and thats where the money comes from.

[-]

SiteRelEnby@reddit

Debian is highly used for enterprise systems

Check the name, you don't need to mansplain Linux to me.

[-]

Dr_Hexagon@reddit

"mansplain", I had no idea of your gender or lack of gender when I wrote this and I would have worded it exactly the same if I knew I was speaking to a man. get over yourself.

Tech companies think it's fucking stupid mostly, actually, unless they're fashbook.

If they have to deal with enterprise customers in California or other states where this is implemented they make well think it's stupid but implement it anyway.

[-]

SiteRelEnby@reddit

So are cars going to implement it then? smart lightbulbs? vapes?

[-]

torsten_dev@reddit

Some laws need to be broken and challenged in court. Until the law is actually enforced against you it's hard to sue thw government for creating vague, capricious, overreaching laws that violated the first amendment.

[-]

Dr_Hexagon@reddit

I'm sure someone will try that, but most Linux distros can't afford to pay expensive lawyers. Redhat could, but being owned by IBM I doubt they will. Canonical maybe?

[-]

torsten_dev@reddit

It's what all the FOSS orgs exist for. The first to get hit will have an army of lawyers.

[-]

Dr_Hexagon@reddit

Electronic Frontier Foundation, Software in the Public interest and Linux Foundation don't really have deep pockets. What they do have is lawyers willing to work at reduced rates or pro bono for certain cases.

Sueing the government is expensive, very expensive.

[-]

torsten_dev@reddit

LF alone took in 300 mil in 2024. Yes they spend it all because 501 (c) 3, but just cutting their funding of other Projects by 1% this year should cover a single case all the way through appeals.

[-]

arwinda@reddit

That part (lobbying against the law) escapes these people, or rather they just want to tinker with their free software, whatever free means in their opinion. Everyone and everything exists inside certain legal and socula frameworks.

[-]

New_Enthusiasm9053@reddit

Or you ignore the law when it suits like most people do. Or how many of you never speed. This isn't the kind of law anyone will ever see serious prison time for so it's something you can just ignore.

[-]

Dr_Hexagon@reddit

the California law does not apply to end users. Its something that operating system providers must implement or risk fines.

The companies that provide enterprise linux with support are likely to comply: redhat, canonical, SUSE maybe?

Debian is more complicated but the trademark is owned by the Software for the Public Interest INC, a NY non profit. It remains to be seen if they would bother to go after them.

[-]

Kazer67@reddit

And that's why, like emulator, there's things that should be made in other country who has different law (not talking about Enterprise Linux distro, those will need to comply with local law if they want to do business in a area but the other).

Think it was CachyOS that's made in Germany by German & Russian devs and they stated they will not implement it (so probably remove it is Arch implement it).

[-]

New_Enthusiasm9053@reddit

Right but that's for their lawyers to decide what needs to be done. Why random people are jumping on implementing this when even the big corps haven't is odd.

[-]

onlysubscribedtocats@reddit

Or how many of you never speed

I don't, and fuck speeders.

[-]

New_Enthusiasm9053@reddit

Fine then jaywalking.

[-]

onlysubscribedtocats@reddit

Only illegal in America. I don't live there.

[-]

New_Enthusiasm9053@reddit

Fine then whatever other dumb law you ignore. There is no country on the planet where citizens follow every law to the letter.

[-]

SeniorMatthew@reddit

Agree

[-]

kxortbot@reddit

In order to be available and safe against legal action, the package must exist.

The trick is in how it's implemented, can it be set up so that those outside the reach of these wacky laws aren't impacted, and if it can be cleanly removed if someone moves out of the jurisdiction of said wacky laws.

[-]

Dramatic_Mastodon_93@reddit

Bullshit. Just block IPs from regions with age verification laws. I also assume Debian already doesn’t advertise to users, so I don’t see a way anyone would be able to prove an intent of having Debian be used by users in those regions.

[-]

Business_Reindeer910@reddit

that'd be up all the hundreds of different mirror sites across the globe to implement . not all are even owned by debian. many mirror sites are hosted at universities for example. These mirrors don't just mirror debian, but tons of other distros.

[-]

kxortbot@reddit

Indeed, if I had to geo-block as a mirror provider. I'd stop carrying debian.. not worth the hassle.

[-]

Dramatic_Mastodon_93@reddit

Then just stop? What’s the problem? Are you going to die if you can’t distribute Debian as a mirror provider?

[-]

WaitForItTheMongols@reddit

Yes, but the point is Debian doesn't want to have everyone quit.

[-]

kxortbot@reddit

Exactly, it's all volunteers.

How much friction can you force before everyone takes their toys and goes home.

Debian worked around shitty laws in the past with a non-us repo system. Might be time to return to form and then geo-block the entire country.

Less config to maintain than ip banning states.

[-]

Dramatic_Mastodon_93@reddit

Then it’s the mirrors who are illegally distributing software.

[-]

Business_Reindeer910@reddit

can't say i know how that works. lots of software gets distributed by "the cloud", but i doubt amazon or whoever would be on the hook here.

[-]

No-Bison-5397@reddit

Ship with disclaimer that it’s not for use within any jurisdiction that has age verification laws along with the block, state that the code and binary are provided for research and analysis purposes only.

No blocking required.

[-]

UpsetCryptographer49@reddit

Tell me you don’t know how a package distribution work without telling me you know how a package distribution works.

[-]

Indolent_Bard@reddit

I think they meant IP block people from downloading Debian in the first place.

[-]

Dramatic_Mastodon_93@reddit

yes

[-]

lazer---sharks@reddit

the unhinged Redditor crowd already uses Arch.

[-]

VlijmenFileer@reddit

Hey! How do you know my exact birth date and time?? This is spooky...

[-]

GreenFox1505@reddit

I think the best malicious compliance is autofill birthdate with Jan1 1970, then just click through.

[-]

adenosine-5@reddit

if user indicates they are in a certain location, ~~download a package that enables it~~ tell him to move out of totalitarian third-world country

FTFY

[-]

Spitfire1900@reddit

Not a bad plan, ship with it “disabled” and during installation ask if they are from one of a number of states that have the requirement. If yes then tell the user directly “this must be installed because you reside in such and such a state,” with “Proceed” and “Back” options presented to the user. On “Proceed install the requisite software.

[-]

ZENITHSEEKERiii@reddit

This seems very reasonable since it's not necessarily possible to determine geolocation accurately for a desktop anyway. For mobiles it's easier so they would probably have to implement it, but on desktop at least it can be opt in like this.

[-]

Kurgan_IT@reddit

LOL, I missed that date by 5 months. I could have been more precise.

[-]

Indolent_Bard@reddit

That could violate the California law.

[-]

ahfoo@reddit

Well how about this the, California can change their fucked up law. It seems that the problem should be solved by the same people who created it. If they want shitty laws, they have to accept the shitty consequences.

[-]

Indolent_Bard@reddit

None of us voted for this. Unfortunately, companies can just straight up write laws and lobby for them to be implemented.

[-]

micnolmad@reddit

We don't live in ca or even us. Fuck their laws.

[-]

Indolent_Bard@reddit

If you want to do business in California, you have to comply with the law. Sure, you could just stop doing business with the fourth largest economy in the world. Of course, your shareholders will kill you. To them, Hell wouldn't be harsh enough.

[-]

payne747@reddit

Please let it be in the non-free repo

[-]

grathontolarsdatarod@reddit

It should be.

[-]

grem75@reddit

That repo is about the license, not about how you feel.

There are patent encumbered codecs in the main repo that Fedora won't ship, but since the license is free they are not in non-free.

[-]

grathontolarsdatarod@reddit

I'm gonna go with how I feel.

Lock out California.

Let them make a government approved fork of someone else's software.

This isn't an american project. And this goes against how I FEEL a liberal democracy should operate.

[-]

Jethro_Tell@reddit

I live in UTC.

And my bash profile starts out with 'export TZ=${timezone}'

[-]

GodlessAristocrat@reddit

Do they provide the same warning for Wireshark if the user lives in a dual-consent state?

[-]

julioqc@reddit

Ah yes the famous Epoch baby boom!

[-]

ButtonExposure@reddit

Epocholiptic number of babies delivered on that day, for sure.

[-]

BoutTreeFittee@reddit

My steam account now knows me to be 126 years old.

[-]

PitifulAnalysis7638@reddit

I don't know if steam stores birthdates. They always ask for my birthdate on the store pages

[-]

dovvv@reddit

*couldn't care less

[-]

cyb3rofficial@reddit

https://media1.tenor.com/m/iRmXN8JssAcAAAAd/penguin-trip.gif

[-]

Heyla_Doria@reddit

Il faut frontalement refuser

Je suis sur linux pour JUSTEMENT ne pas mentir, mais être discrète comme je réclame d'en avoir le droit

J'ai pas a mentir J'ai pas a divulguer

Soyez courageux, la, vous vois défilez....

[-]

AnsibleAnswers@reddit

Setting your birthdate to the Unix epoch is blatant non-compliance.

[-]

neoh4x0r@reddit

Setting your birthdate to the Unix epoch is blatant non-compliance.

I see the incoming side-eye you are going to get from all the people that are 56 right now.

[-]

grathontolarsdatarod@reddit

I'm glad you caught that.

Good for you.

[-]

fek47@reddit

Avant de décider comment agir en pratique, par exemple de refuser de suivre la législation en vigueur, il est très important d’analyser soigneusement les lois applicables. Par ailleurs, je partage votre avis.

[-]

robprobasco@reddit

This is what I’ve been saying but my post got removed.

[-]

fek47@reddit

Tille's response is prudent. First of all legal consultation is required. 2026 seems to become a interesting year for Linux distributions. I hope for the best but I'm preparing for the worst.

[-]

martyn_hare@reddit

I remember seeing a few independent lawyers on project mailing lists advising that prematurely complying with the US laws when the infrastructure doesn't already exist could result in unnecessarily waiving a number of potential future legal defenses, then proceeded to give a list of them, citing existing common law precedent.

If other legal experts take a similar viewpoint, then this should all end up limited to iOS and Google Play Certified Android, where supplying a date of birth been required for a very long time to access mainstream app stores already anyway.

[-]

maz20@reddit

I remember seeing a few independent lawyers on project mailing lists advising that prematurely complying with the US laws when the infrastructure doesn't already exist could result in unnecessarily waiving a number of potential future legal defenses, then proceeded to give a list of them, citing existing common law precedent.

Do you have a link to those lawyers' statements? (on the mailing lists)

[-]

martyn_hare@reddit

Haha good one 😂 just admit it lol you clearly obviously made that whole entire crap up.

...and if I show you proof, will you admit you made your crap up?

Proof that defenses exist and complying early waives them, from a lawyer.

[-]

maz20@reddit

...and if I show you proof, will you admit you made your crap up?

Except that your link doesn't show any proof at all of your claim that "premature compliance" waives future legal defenses.

The only thing your friend Vince even cites in that email is Bernstein v DOJ regarding the interpretation of software code as free speech (also discussed here https://www.reddit.com/r/linux/comments/1rlmfss/ as well). Except this is irrelevant, as no one is claiming the law cannot be challenged. The question is whether or not "early" compliance waives future legal challenges.

As far as your claim is concerned, all that exists in your linked email is one small statement at the very end

The rush to comply could be a waiver of all these arguments.

Towards which no proof is presented at all. And which also contradicts actual bona fide case law with the US Court of Appeals for the 4th Circuit as I demonstrated above.

P.S --> in traffic court, you are free to "not comply" by delaying payment of a fine if you wish to challenge a citation. This is because "rushing to comply" with posted fines may be considered an admission of guilt (leading you to forfeit your case).

But, you are *not* free to "not comply" with the original traffic law in the first place! This is because if you openly "disobey" or clearly intentionally refuse to comply with the law whatsoever, you'll essentially lose the recourse to dispute the fines/penalties stipulated for your violation afterwards as you are already openly admitting to violating that law in the first place.

So, again ---> do you have further links or correspondence from that Vince Heuser that actually detail exactly what was meant by his statement about "rushing to comply" ?

[-]

No-Bison-5397@reddit

Bingo.

The US’ legal systems aren’t the be all and end all but if you comply with them of your own volition when they have no clear jurisdiction then you’re setting yourself up for a world of hurt.

[-]

maz20@reddit

Not really ---> I think you're confusing between "compliance" in terms of paying fines for breaking a law versus "compliance" in terms of following a law in the first place.

If you "comply" prematurely in the former, then you may forfeit a case you had against the law because paying fines may be already viewed as an "admission of guilt" (such as in traffic court, for example)

But if you openly "disobey" or fail to comply with the latter whatsoever, you do not really have any recourse to dispute the fines/penalties stipulated for your violation --> because then you are openly to violating that law in the first place.

For reference, the US Court of Appeals for the 4th Circuit said this in Mobil Oil Corp. v. Attorney General of Virginia (1991):

Public policy should encourage a person aggrieved by laws he considers unconstitutional to seek a declaratory judgment against the arm of the state entrusted with the state’s enforcement power, all the while complying with the challenged law, rather than to deliberately break the law and take his chances in the ensuing suit or prosecution.

[-]

No-Bison-5397@reddit

Ah yes, we should have complied with the Nuremberg laws while protesting them.

The California law is insane, they clearly don't even understand what an operating system is.

[-]

maz20@reddit

Just to be clear -- are you claiming that these age verification laws are the same thing as Nuremberg??

[-]

No-Bison-5397@reddit

No, just that I don't believe that following the law is necessarily right, smart, nor moral and it's a pretty clear way to get the point across.

[-]

maz20@reddit

Not really lol

On the "right/moral" front? Sure -- these OS age verification laws are kinda crappy.

On the "smart/legal" front? Well, that's not how the legal system works. You don't generally get to simply ignore laws you don't like without consequence lol

[-]

No-Bison-5397@reddit

You don't generally get to simply ignore laws you don't like without consequence lol

Yes... they want to fine anyone thousands of dollars for each child. I would be very interested to see who they plan to fine.

[-]

trogdor-burninates@reddit

Well bad news then, it's already in SystemD.

[-]

SiteRelEnby@reddit

...the worst init system ever made. Nothing of value was lost.

[-]

trogdor-burninates@reddit

I know a lot of people hate systemd, but it's part of a lot of popular distros.

[-]

SiteRelEnby@reddit

https://en.wikipedia.org/wiki/Argumentum_ad_populum

[-]

martyn_hare@reddit

It has technical benefits which are compelling enough that I'd never go back.

It's a non-fugly mix of the best of SCM from Windows and launchd from macOS which actually does follow the Unix philosophy due to using independent daemons for every feature which is outside the scope of what an initd should do. It replaces automount, [x]inetd, [ana]cron and many other primitive services with something fit for the modern day in a way which doesn't actually piss me off.

It also helps not just me but the distros too. Upstreams get to ship simple unit files for scheduled tasks, triggered tasks and the startup of daemons which "just works" across every distribution, so there's no need for tons of scripts anymore. It also allows software developers to securely implement a whole host of common sense mitigation techniques correctly without needing boilerplate code to do it.

But not only does it do this system-wide, but per-user as well... where it also handles cgroups and the automatic grouping of disparate process hierarchies within a user session. This will not only enable proper desktop-aware scheduling going forward but also form a means to implement proper sandboxing of entire user sessions, since systemd acts as the unprivileged parent process for every logon session.

It's a decent solution. The hate is unwarranted.

[-]

SiteRelEnby@reddit

whatever lennart

[-]

SiteRelEnby@reddit

Remember that 50% of the people you meet are below average intelligence. Suddenly the popularity of systemd is explained.

[-]

edparadox@reddit

I remember seeing a few independent lawyers on project mailing lists advising that prematurely complying with the US laws when the infrastructure doesn't already exist could result in unnecessarily waiving a number of potential future legal defenses, then proceeded to give a list of them, citing existing common law precedent.

That's why the overenthusiastic dev who tried to single-handedly lay the groundwork for age verification in systemd and archinstall needed to be stopped.

[-]

Teknikal_Domain@reddit

Yeah so we found out who was paying them for doing that, by the way...

That wasnt an oversight.

[-]

Away-Lecture-3172@reddit

In this case we should try to talk directly to core team of those projects. There should be at least some explanation on why they are doing it and no censorship for complaints.

[-]

Jacksaur@reddit

"Don't comply in advance"

People have been yelling it since this administration started.

[-]

Away-Lecture-3172@reddit

That makes a lot of sense actually. Pushing age verification early means that you agree to be liable, and once done there is no way to defend yourself basically.

[-]

phoenix823@reddit

There is no such thing as 'agreeing' to be liable.

[-]

fek47@reddit

advising that prematurely complying with the US laws when the infrastructure doesn't already exist could result in unnecessarily waiving a number of potential future legal defenses, then proceeded to give a list of them, citing existing common law precedent.

That's interesting. Thanks for sharing this information.

If other legal experts take a similar viewpoint, then this should all end up limited to iOS and Google Play Certified Android

I sure hope you're right.

[-]

MatchingTurret@reddit

2026 seems to become a interesting year for Linux distributions. I hope for the best but I'm preparing for the worst.

With the worst energy and potentially food crisis in recent history approaching, age verification will be the least of our worries.

[-]

GlowstickConsumption@reddit

Why would there be any food scarcity for people who use this subreddit?

[-]

Ulrich_de_Vries@reddit

Yeah I am waiting this out, but have some contingency plans of moving to Void or Devuan if shit hits the fan. I don't expect those distros to comply.

[-]

Unicorn_Colombo@reddit

Somehow we are getting from OSS being alt-left to OSS being alt-right.

[-]

Cryptikick@reddit

This will NEVER be normal.

We decide which software runs on our computers; not governments, not platforms, not app stores, not anyone else. If a distro ships surveillance hooks, age-signaling APIs, or identity-check garbage, we can patch it out, revert it, rebuild the package, and keep a clean system.

And let me be absolutely clear: I will never accept OS-level surveillance apparatus on my private devices. Age-signaling APIs, mandatory device-side identity data, birth-date storage, policy-enforcement metadata; that is a liability surface, not “safety.”

If a distro inherits this nightmare, the answer is not surrender. The answer is: remove it, rebuild it, and refuse to normalize it.

Here are some of the people and projects pushing back:

1. Resistance (Code, Tracking, Removal, and Rebuilds)

OSS Anti Surveillance (AntiSurv): Tracks OS-level surveillance mechanisms and documents downstream removal, reversions, and patch paths.
Devuan forum: “Age Verification”: Community discussion around refusing or stripping age-verification mechanisms inherited from upstreams. (This is discussion evidence, not a formal project policy statement.)
Artix forum: “Brazilians OS mass surveillance law”: Artix community discussion rejecting the logic and feasibility of OS-level age-verification mandates.
Artix forum: discussion of XDG portal / compliance issues: More discussion around non-compliance and resistance to these surveillance-oriented mechanisms.

2. Advocacy (Rights, Law, and Public Pushback)

EFF — Age Verification and Age Gating: Resource Hub: EFF’s main hub explaining why mandatory age checks undermine privacy, anonymity, and access to speech.
EFF — How to Spot an Age Verification Mandate: Concrete breakdown of how these bills work.
EFF — Age Verification Systems Are Surveillance Systems: Why these systems are surveillance infrastructure, not harmless compliance.
StopOnlineIDChecks.org: Campaign site opposing online ID-check mandates.
Fight for the Future — Stop Online ID Checks Week of Action: Organized action against mandatory ID-upload and face-scan bills.
S.T.O.P. — Age of Surveillance: Report on the harms of age-verification laws.
S.T.O.P. — The Kids Won’t Be Alright: Report on how age/identity verification laws threaten privacy and access.
The TBOTE Project: Research on the lobbying and policy architecture behind age-assurance mandates.
TBOTE Findings: Public findings and source-backed research.
TBOTE Documents: Supporting documents and records.

3. Projects Showing the Debate Inside Privacy-Focused Ecosystems

GrapheneOS discussion: “Does GrapheneOS plan to comply with OS level age verification laws?”: Public discussion showing that users are already pressing privacy-focused mobile OS projects on whether they will resist these mandates. (Again: discussion, not a verified project-wide declaration.)
GrapheneOS discussion: “EU: Revised chat control accepted with ‘optional’ scanning included”: Discussion around the broader surveillance model, including age verification and client-side scanning concerns.

THE PRACTICAL RESPONSE: if Debian, Ubuntu, Fedora, Arch, or anyone else ships this apparatus, inspect the source package, apply the revert patch, rebuild it, and keep a clean package set. Free software is not a prison. The whole point is that it can be modified, redistributed, and defended.

The model only works if people behave like they are powerless. They are not.

Software can be changed. Packages can be rebuilt. Surveillance apparatus will be removed.

[-]

OkVariety8064@reddit

Thank you ChatGPT.

[-]

Cryptikick@reddit

Are there any inaccuracies, lies, or unchecked facts in my message?

I ask because I use AI as a grammar spellchecker, sorry if the perfectly crafted message makes you dismiss the work, even though it is IMPORTANT.

So, yes, I use AI, not to write shit out of the blue, but to help me express myself in a way that others will easily understand. So, those are MY WORDS, and MY RESEARCH. Not some random AI Slop.

Do you understand that?

[-]

OkVariety8064@reddit

So, yes, I use AI, not to write shit out of the blue, but to help me express myself in a way that others will easily understand.

Hard to believe, because the tone of voice, phrasing, grammar and rhetoric are exactly the same that comes out of ChatGPT.

The endless contrasts:
"We decide. Not X, Y or Z."
"The answer is not X. The answer is Y."
"People behave like they are powerless. They are not."
"Free software is not X. The whole point is that it is Y."
The ChatGPT conclusion: "X can be done. Y can be done. Z will be done."
The numbered topics with lists of bullet points.

So, those are MY WORDS, and MY RESEARCH. Not some random AI Slop.

Perhaps the research is your own. Perhaps you took a list of links and asked ChatGPT to write a call to action around it. Unfortunately the end result is that your entire post feels like AI slop, even if the source material isn't. The "ChatGPT voice" doesn't make your comment easier to read or more impactful, the AI voice is so trite and overused at this point that all it does is to make the reader reject the entire post as AI slop, even if it isn't.

Sorry if the perfectly crafted message makes you dismiss the work, even though it is IMPORTANT.

But it's not perfectly crafted. It reads like AI slop.

And if it is so important, why is it not important enough to write yourself? If it is not important enough for you to spend the time to write it yourself, why would it be important enough for others to spend the time to read it?

[-]

Cryptikick@reddit

But it is not AI Slop. The content seems accurate, right? I don't like inventing things or lie. As I've said, I care about this topic and want to convey a message that will be easier to understand, and fact-checked, so, yeah, AI helped rewrite my message for clarity (yes) and ensure that what I was going to post wouldn't be some random shit.

And I agree with you that in its current format it is also easy to dismiss as being AI Slop, even though I put time and effort on it to ensure it was not slop. Thanks for this analysis!

[-]

aceinthehole001@reddit

There's no way your AI is old enough to be allowed on the internet

[-]

Arnoxthe1@reddit

Why is this even a question? DO NOT COMPLY.

[-]

passwordisoptional@reddit

You know what happens to a Debian maintainer if they don't comply? Best case they lose their job. Worst case they go to prison. It's easy to casually recommend civil disobedience on reddit; it's a lot harder if you're the one who actually has to suffer consequences.

[-]

SiteRelEnby@reddit

They just put "not intended for use in tinpot surveillance states like california" on the website, and geoip block downloads there. Simple.

[-]

maz20@reddit

Except that these laws are going nationwide across several states, and might soon become federal law too...

P.S --> and apparently also in other countries like Brazil as well too...

[-]

Kadinnui@reddit

As mentioned above, don't comply in advance.

[-]

maz20@reddit

Not so fast ---> according to the US Court of Appeals for the 4th Circuit in Mobil Oil Corp. v. Attorney General of Virginia (1991):

Public policy should encourage a person aggrieved by laws he considers unconstitutional to seek a declaratory judgment against the arm of the state entrusted with the state’s enforcement power, all the while complying with the challenged law, rather than to deliberately break the law and take his chances in the ensuing suit or prosecution.

[-]

SiteRelEnby@reddit

That's the most shitlib thing I've heard all year.

[-]

maz20@reddit

Lol well that's how the law works in the US --> these statements are officially part of US case law (and hence legal precedent) now.

It seems like people here are confused between compliance in terms of "following a law" versus compliance in terms of "paying a fine" (which is the penalty described in CA-1043).

Compliance in terms of the latter can weaken legal defenses because it is assumed that such payment is an admission of guilt in an ongoing legal case that already exists (such as in traffic citations), while in terms of the former, compliance is merely following the letter of the law. If you openly do not comply in the former, you forfeit your right to dispute fines in the latter.

[-]

Arnoxthe1@reddit

Yes... You're right.

But it needs to happen.

[-]

TheOneTrueTrench@reddit

If they're in a relevant jurisdiction, they can resign from maintaining the relevant component.

If you can't maintain a component for the free world, you can't maintain it.

[-]

ahfoo@reddit

Go to prison? That's bullshit. What crime would you prosecute for if Debian ends support for users in California? What law would be broken?

[-]

marcthe12@reddit

Technically according to law, steep fines. Quite high actually. For many community distros will be a sizable percentage of the annual donation too.

If not mistaken around 7.5k per user.

[-]

Novel_Lie5519@reddit

buck up a bit

[-]

PeeOnAPeanut@reddit

Laws don’t work like that.

[-]

No-Bison-5397@reddit

What gives the state of California jurisdiction over Debian?

[-]

maz20@reddit

These laws are going nationwide across several states, might soon to be federal law too...

P.S --> and apparently other countries like Brazil as well too...

[-]

dishammer1@reddit

F the law

[-]

EmberGlitch@reddit

https://en.wikipedia.org/wiki/Civil_disobedience

[-]

FabianN@reddit

Civil disobedience comes with the acknowledgment and acceptance that you will take the prescribed punishment that the law dictates.

The question is, can they absorb that punishment?

[-]

CaptCapy@reddit

A better yet question, until they start hunting down people who wont, WHY COMPLY early?

[-]

Arnoxthe1@reddit

At this point, I just don't care anymore. Because these billionaires and politicians sure as hell don't. If laws meant anything anymore, then the current president would at very least be standing trial right now.

[-]

1neStat3@reddit

wtf? Literally wtf?

"we don't know how thus will effect us"*

How about reach out to CA Attorney General office fir clarification?

How about reach out to the lawmakers who wrote the Bill

https://legiscan.com/CA/sponsors/AB1043/2025

[-]

Migamix@reddit

Thing is, it's not a breaking app. It can be done with malicious compliance. And just be a tiny stupid app outside of any admin tools to take the installer's choice, and present it to whatever needs to know. It's not really going to restrict anything nor needs to be integrated into the os.

[-]

prof_dr_mr_obvious@reddit

I keep reading about end user age verification but there are way Linux servers on the internet than workstations. What would even be the point of putting end user age verification on a mail, web or database server?

[-]

Business_Reindeer910@reddit

that's because the rule isn't for servers.

[-]

maz20@reddit

If that is a problem for servers, how long do you think it will take Red Hat + other corporate server distros to request waivers and/or amendments?

It may be too early but I haven't seen a word from them yet lol

[-]

Business_Reindeer910@reddit

Well first we'd have to see indication that they even think it applies to them. If you see nothing from them at all, then they do not think it applies.

[-]

maz20@reddit

Or perhaps said "waivers" might just get granted "privately", meaning no word about this would need to reach the general public anyway lol

[-]

Business_Reindeer910@reddit

I don't see how that's possible since regular users can just download free RHEL for up to X installs (i think it was 10?) . They are gonna wanna know the answer.

[-]

maz20@reddit

On the other hand, like you said

Well first we'd have to see indication that they even think it applies to them. If you see nothing from them at all, then they do not think it applies.

using California's bill (CA-1043) as example, it doesn't look like any of this would necessarily apply to Red Hat anyway.

Not in the sense that they may be able to "ignore" CA-1043 with "zero" code changes in RHEL or upstream, but in the sense that it could well mean nothing for server distros anyway -- which already serve plenty of users of all ages from one "server user" account anyway (i.e, separate webapp accounts need not correspond to separate OS user accounts).

[-]

Business_Reindeer910@reddit

well as distributors they'd be responsibel for those things existing if it did apply to them. so you'd know more by what configs they implement rather than what packages they ship.

[-]

SiteRelEnby@reddit

Shut up Gavin

[-]

Natural_Night9957@reddit

Someone'll have to go to court first and I don't see non profits doing it.

[-]

maz20@reddit

Because mass surveillance is literally three-letter agency territory lol (which legal orgs likely understand as well)

How successful were the lawsuits against warrantless spying by the federal government back in the day?

[-]

Natural_Night9957@reddit

Nowadays such lawsuit could be considered terrorism. https://www.kenklippenstein.com/p/fbis-new-political-pre-crime-center

Which one holds traditional American values: the GPL or the MIT?

[-]

Natural_Night9957@reddit

The liberalism indoctrinated foss community is gonna die before adopting a revolutionary stance. Until then Sam Slopman's AI piloted missiles would have killed us all already.

[-]

ivosaurus@reddit

ACLU or FSF might be happy to, although I'm hoping it won't come to that

[-]

DesertTrailsFox@reddit

Donate!

[-]

torsten_dev@reddit

Going to court to protect user privacy is literally the number one reason to exist for most FOSS non profits.

EFF, SFC, OSI, FSF, SFLC, or even the aclu.

The KDE, Gnome, Linux, OpenBSD, and mozilla foundation have a stake in this too.

[-]

SiteRelEnby@reddit

FSF exists mostly as rms' personal soapbox for to cover for his Epstein links, lets be honest.

[-]

sinsworth@reddit

Wow, after weeks of following all the knee-jerk reactions to this legislative dumpster fire, it is truly a breath of fresh air to see someone take such a mature position.

[-]

dezmd@reddit

Not fighting at all against authoritarian corporatist back demands bribed into law is the mature option?

[-]

lazer---sharks@reddit

Yes, calling a local field a authoritarian corporatist back demand is unhinged.

[-]

Arnoxthe1@reddit

It's the first step in a series of many. It's not the requirement itself that is the problem. It's the implication. It's the precedent. There is nothing good that can come from this legislation.

Do not comply.

[-]

AgileAppearance8749@reddit

On one hand, yes, there's a significant chance that will happen. On the other hand, the entire argument that "it's just the first step of many" is based off of a slippery slope fallacy and thus fails to prove anything; however, just because it's a fallacy doesn't make it false.

[-]

helpful_herbert@reddit

It's not actually a slippery slope fallacy, it's just a slippery slope. The difference being, the fallacy is when you don't have evidence of the mechanisms and links between steps that result in what you're predicting. That's not the case here.

[-]

TropicalAudio@reddit

What this law mandates is a standardized interface for parental controls. There is a very meaningful difference between support for parental controls (i.e. allowing the owner of a device to set restrictions on specific users of that device) versus actual age verification (i.e. some outside entity, be it a company or a government, requesting proof of birthdate). The former is a good thing to have, the latter absolutely isn't. Conflating the two mostly helps proponents of the latter, because making sure people get the two mixed up helps them in pushing through privacy invading bullshit. Support for parental controls absolutely does not inevitably lead to nonlocal age verification, hence: slippery slope fallacy, not slippery slope argument.

[-]

maz20@reddit

What this law mandates is a standardized interface for parental controls.

Not really because the existence of such an standardized interface can be mandated independently of requiring all operating systems to include it by default.

Just like how you can mandate, for example, that establishments that serve alcohol have a "standardized interface" of verifying the age of its customers, while not requiring establishments that serve, say, "haircuts", to do the same.

[-]

helpful_herbert@reddit

This is absolutely true; and in a scenario void of the other variables currently at play, this feature would almost be great. It still wouldn't make sense to make it a legal requirement, especially for all operating systems, but it's a nice tool to have.

But as I stated before, there's a valid slippery slope argument to be made here. Mandating the infrastructure for this be built on all operating systems is the beginning of a predictable, measurable, observable effort towards something worse.

[-]

Arnoxthe1@reddit

The slippery slope fallacy isn't a fallacy if there is sufficient evidence of increasing escalation. And do you really seriously think they aren't going to try to escalate this? We need to stop this, even if just for the principle of the thing.

[-]

SwordsAndElectrons@reddit

I really do not get how the "no big deal" crowd does not see that the next step will be providing government issued ID to use any computer system. Ever. The California one does not disallow self-reporting, but other bills already have been proposed with provisions requiring verification included. (e.g. New York.)

[-]

wtallis@reddit

The California one does not disallow self-reporting

That's a peculiar way to spin it. The California law requires self-reporting and requires apps to trust the user-provided age information instead of asking to see government ID. It actively puts a barrier in place against the privacy invasions that people with poor reading comprehension keep saying are the inevitable next step.

[-]

Arnoxthe1@reddit

Tell me why this legislation should even exist in the first place? If it's really so useless, then why are they trying to pass it?

[-]

wtallis@reddit

If it's really so useless

It's not useless. You're probably making the very common mistake of assuming that the only useful effect an age-verification law could have would be to require people to show ID, and that any law allowing people to lie about their age must be useless.

The important, useful effects of California's law are what it does to software developers: forces platforms to standardize on one age-checking mechanism instead of each app coming up with their own, forces apps to actually rely on that standard platform-level age-checking API, prevents app developers from keeping their head in the sand and remaining deliberately ignorant of whether the users they're interacting with are underage and already protected by existing laws restricting what you can do to underage users and their personal information, and clarifies the liability in cases where a user lies about their age or a developer ignores age information.

The fact that the law does almost nothing to affect users directly or impose any requirements on them (and in particular, does not require users to actually provide their real age to the software they're using) shows how the California law is far more respectful of a user's rights and privacy than some of the laws being passed in other jurisdictions. California's law is a decent defense against the laws that would mandate that software ask to see your driver license or passport. The problems with California's law are mostly with its definitions being too broad and affecting too much software that's not at all relevant to the issue of age restrictions.

[-]

Arnoxthe1@reddit

You are assuming sanity and good intentions from these politicians, Californian or otherwise. Extremely bold of you to do so.

California's law is a decent defense against the laws that would mandate that software ask to see your driver license or passport.

There IS no "decent defense". Give them an inch and they will take a mile. And do not even try to tell me that they won't when several states have ALREADY considered far harsher age-verification in operating systems. Just because California's law may be the least worse of them all doesn't make the law right or give it a good justification.

I'm tired of being reasonable when they don't even listen to us. There is no "reasoning" here. No fairness. No respect for any of the general public. As such, we should start refusing to comply, flat out.

[-]

d_ed@reddit

If we are going to argue about a hypothetical future rather than what's actually landed let's follow that through.

Would you rather Netflix asks your distro in a way where we provide privacy and control or all your data for every site gets sent off to Palantir every time.

I know which future I would fight for.

[-]

Arnoxthe1@reddit

I would rather we simply reject the choice altogether and do what is right and needed. Which is non-compliance.

[-]

Arnoxthe1@reddit

They still haven't woken the hell up yet. But things will get steadily worse for everyone regardless until they finally do.

[-]

albertowtf@reddit

This is just a probe to see what they can get away with. The fact that is mostly harmless looking means nothing

If you comply, more will follow. If you are not aware yet at least heed my words so you can pay attention when it happens and maybe the next step, you dont call ppl advocating for it unhinged

[-]

sinsworth@reddit

No, taking the time to properly assess the situation is.

[-]

ThatOneShotBruh@reddit

I really don't get your comment because Fedora, Arch# and Debian have all basically had the same response of "we are not sure what we will do, we'll have to wait and see".

[-]

sinsworth@reddit

Fair, but other than that, what I've seen is either people already starting to pave the way for enforcing this dystopian cow poop (like the systemd age field), or people being very loud about what this is or isn't, both without giving it a proper legal/enforcability analysis.

For the record, we should absolutely be angry about this even if it ends up not applying to linux at all, and regardless of where we're from (I live nowhere near California or Brazil), but the ways I've seen this being addressed so far have mostly been wildly premature and counterproductive.

[-]

Jethro_Tell@reddit

Which I very much suspect is their legal counsel saying, 'don't say anything' it until we have a position'

This doesn't even apply for 18 months or something, no reason to box yourself in with an opinion early on.

[-]

muxman@reddit

If they're willing to violate their own self-proclaimed Philosophy, Mission and Social Contract then they'll comply.

If they are going to stand by those things they've claimed to stand for, the won't.

[-]

phobug@reddit

I’m a simple man, see phoronix I upvote.

[-]

hitosama@reddit

Can someone explain to me why is that even considered? I mean, isn't it on user to download if it's "prohibited"? One thing I could see is perhaps removing repositories from affected locations so they can basically say that user decided to download it despite law no allowing it.

[-]

Ghost_x_Knight@reddit

Will mainly affect companies with business in California (though there is a good chance law will be amended before 2027 or later restricted by courts).

On the user-level, it is unenforceable.

[-]

wtallis@reddit

On the user-level, it is unenforceable.

There's nothing to enforce on the user level. The California law doesn't really care what users do. It only dictates what developers (of apps, app stores, and operating systems) must do, but users are free to lie about their age without penalty.

[-]

newsflashjackass@reddit

"~~Debian~~ California is figuring out how age verification law will impact it"

[-]

SiteRelEnby@reddit

Honestly, we should be completely geoblocking California. ISO downloads, package repos, project websites, everything.

[-]

RedSquirrelFtw@reddit

They should just geoblock all of California from being able to download it and put a note in the license stating it is not allowed to use in California. When a jurisdiction makes such a ridiculous law non compliance is the only way forward.

[-]

stgiga@reddit

I'm a California user of Ubuntu and Debian since 2013 so I don't think APT breaking is a good idea.

[-]

RedSquirrelFtw@reddit

Would break a lot of stuff in California, and ideally force the government to change their ridiculous policy.

[-]

SiteRelEnby@reddit

Get a VPN or move to a less shit state then.

[-]

hm___@reddit

Its not their liability, if california doesnt want minors to download linux they would have to geoblock them like germany does with its dns blocking for stuff thats illegal in germany. US mirrors would probably have to implement a login with age verification for us IPs though.

[-]

RedSquirrelFtw@reddit

Oh yeah I agree, shouldn't even be pawning it on 3rd parties, they should be the ones doing the geoblocking. They should learn from North Korea, they run an oppressive regime with tons of overreaching laws but still manage to leave companies in other countries alone.

[-]

LurkingDevloper@reddit

This is a terrible way to do it, because you're also saying, "Contributors in X Jurisdiction DNI"

[-]

SiteRelEnby@reddit

Why the fuck not. Most projects are already Iran and North Korea DNI, so what's adding a third tinpot surveillance state onto that list?

[-]

Old_Leopard1844@reddit

"Contributors in X Jurisdiction DNI"

If X being Russia was basically accepted, why not California?

[-]

LurkingDevloper@reddit

What an interesting question at ask at 10AM Moscow time?

[-]

NoPriorThreat@reddit

or 9:30 am Helsinki time?

[-]

Old_Leopard1844@reddit

Nah, it was 14:30 KRAT at the time

Shame that less than month old account wouldn't know it

[-]

Old_Leopard1844@reddit

FYI, Russia has more than one time zone in it

[-]

Kazer67@reddit

Yep, same with France (which is worth in that case because we have and at the same time we don't have daytime light saving, so meetings jump one hour for some people twice a year).

Some country are really, really huge.

[-]

Business_Reindeer910@reddit

that's not ever happened.

[-]

atomic1fire@reddit

TBH I think they should just restrict age controls to package managers, and only for packages that a reasonable person thinks a child shouldn't have access to and aren't system critical.

[-]

SiteRelEnby@reddit

Shut up Gavin

[-]

atomic1fire@reddit

I don't think age controls should be necessary at all.

I just take the mindset that they make more sense within an app store then they do on something like freedos.

I think the whole thing is rigged on behalf of the lobbyists, so call it out as much as you want.

[-]

grathontolarsdatarod@reddit

Debian, if forces to.

Should make their code available to the government that chose to have these laws.

If those governments want to make a government approved operating system. They would be free to so do?

How hard would it be to open source Debian?

[-]

atomic1fire@reddit

Aight I'll bite.

Debian is a linux distro, with a heavy emphasis on free (as in freedom) software.

While I can't quite wrap my head around the administrative angle here, Debian is a collection of open source projects conveniently packaged into an ISO for install as an OS. Such is the nature of a Linux distrobution.

By that nature it can't be closed source, because everything within it is prescreened for open source licensing because that's the way the maintainers of the Debian package list (for lack of a better word) have opted to manage their repositories.

[-]

grathontolarsdatarod@reddit

So California can make their own fork.

[-]

SiteRelEnby@reddit

Shitlibian

[-]

Kitayama_8k@reddit

They should never release a new version again and security backport until the end of time.

[-]

SiteRelEnby@reddit

They should never release a new version again

Think they're way ahead of you on that one.

[-]

TheOneTrueTrench@reddit

Okay, what about Forky and Sid?

[-]

SiteRelEnby@reddit

If it isn't "tell them to jog on" then I'll have installed debian for the last time.

[-]

AsheLevethian@reddit

Currently on Debian but will be switching to Devuan.

[-]

dack42@reddit

What happens if they just slap a "not for use in California" message on the download page?

[-]

edgmnt_net@reddit

To be honest, I am quite interested what happens if they don't, particularly for stuff outside US. Judging by analogy with software patents, nothing. But looking how some projects tried such disclaimers or blocking, I wonder if things could go crazy.

[-]

MrMelon54@reddit

I wonder how many servers there run Debian. Would this also prevent Ubuntu from serving those regions due to Debian not allowing it?

[-]

edgmnt_net@reddit

Probably not, they patch Debian anyway. And ending up with patchwork age verification mechanisms is probably a good thing, since app stores and app developers will be more likely to complain to lawmakers, even if Linux is a small market.

[-]

Lyceux@reddit

Does the law still apply to enterprise/server operating systems? Or just consumer ones?

[-]

ivosaurus@reddit

The CA law specifically has absolutely no language differentiating that, which is just one of the reasons its so monumentally stupid.

[-]

No-Bison-5397@reddit

Ubuntu will likely comply with the law

[-]

No-Bison-5397@reddit

“Not for use in jurisdictions with age verification. Binary and source code supplied for research purposes only.”

[-]

dack42@reddit

Yeah, something to that effect that puts the burden of liability on those who are the jurisdiction of these ridiculous laws. I have no idea if it would hold up though - the lawyers would have to figure that out.

[-]

getridofwires@reddit

People of California, is this what you want?

[-]

6969_42@reddit

Of course it is. What you want is the opposite of what they want.

[-]

elglas@reddit

Sounds like we need a fashist bootlicker state respin, no need to pollute the rest of the world with this

[-]

emprahsFury@reddit

I would be very surprised if California could not simply target the individuals involved. It's hard to imagine a world where the California Attorney General doesnt name Andreas Tille for instance. You can't sue or arrest a group in any event, you've always had to sue or charge the members of a group.

[-]

lazer---sharks@reddit

> You can't sue or arrest a group in any event, you've always had to sue or charge the members of a group.

What? That doesn't seem true at all.

[-]

Sataniel98@reddit

It's somewhat right. You can only sue legal entites and multiple legal entities that don't have to be natural persons, but you can't sue "groups" in that sense if they aren't legal entities such as the Debian project. But it depends on your legal system what constitutes a legal entity, they don't always need to be registered or even founded explicitly. I believe Debian isn't a legal entity, but I'm not a lawyer and I don't know about US law or if it even applies to classify Debian.

[-]

Sataniel98@reddit

It's hard to imagine a world where the California Attorney General doesnt name Andreas Tille for instance.

Tille is a German citizen living and making his contributions to Debian in Germany. Debian is not based in California either since it's not a legal entity, and it doesn't specifically target a Californian or US audience. Californian law doesn't apply to him any more than Ugandan law. This may be shocking to Americans, but their laws don't automatically apply to the rest of the world. The only one who's potentially in trouble is the mirrors hosted in California (or other places where the law is in place), contributors who live there and downstreams based on Debian that operate there.

[-]

mediumwetsock@reddit

Never forget that Germany is US’s little bitch.