A single pull request turned a quiet open source contributor into the unlikely target of one of the Linux community's most heated controversies. We interacted with Dylan Taylor to hear his side of the story.

Dylan M. Taylor is not a household name in the Linux world. At least, he wasn’t until recently.

The software engineer and longtime open source contributor has quietly built a respectable track record over the years: writing Python code for the Arch Linux installer, maintaining packages for NixOS, and contributing CI/CD pipelines to various FOSS projects.

But a recent change he made to systemd has pushed him into the spotlight, along with a wave of intense debate.

At the center of the controversy is a seemingly simple addition Dylan made: an optional birthDate field in systemd’s user database.

  • jimmy90@lemmy.world
    112·
    11 hours ago

    Q. You say this is “just attestation, not verification” but we know that infrastructure always gets repurposed later. This is where the legit fear lies. Today it’s birthDate. Tomorrow could it be location, identity, or verification tokens? I understand that you are providing a workaround but where should we draw the line between compliance and resistance?

    A. Funny you mention that, location is already a field in userdb. Like birthDate, this field is also trivially nullable, stored locally, and can be set to anything. As long as we are talking about a user self-attesting a date - especially with the ability to enter any value we want - we aren’t in the realm of identity tracking. I draw the line at when a third party internet-connected service is doing validation of ID. Let’s be honest though, I strongly believe such a thing isn’t possible on a FOSS operating system environment unless they could control what was bootable on the device at a firmware level, enforce signatures to ensure that you couldn’t boot something unrestricted, remove the ability to be root, and block LD_PRELOAD so signals couldn’t be faked. There’s probably more ways to circumvent that. What I’m trying to say is real ID verification on Linux would be awfully hard to implement, and I guarantee you, nobody would put up with it. They’d fork to a version that doesn’t have it immediately as a protest. Right now, we’re considering implementing something akin to the date pickers that were ubiquitous when signing up for internet services in the early 2000s where it’s just an honor system. Things like actual ID checks and/or facial scanning + age estimation would be just too incompatible with Linux where we have the freedom to change whatever we want to.

    the intellectually diverse lemmings represented in this post and many others cannot understand this

    won’t stop them expressing their feelings tho, bless their hearts

    • Senal@programming.devEnglish
      31·
      4 hours ago

      That’s a sound argument, mostly (in the quote, i mean)

      If the technical implementation of how they would try and force age verification was the problem people were concerned about, this take would be very useful.

      Physical locks on glass doors are easy to bypass, doesn’t mean you won’t get shafted if someone just so happens to catch you in the act.

      If third party age verification is legally mandated the implementation being technically difficult (or easy to bypass) doesn’t stop it from being illegal.

      Being a condescending prick works better if the position you take is unassailable, you do you though.