Hi David, Ian, Nathan and GCC all. Let's start from what we agree upon:
On April 17, 2021 6:11:57 PM UTC, David Brown <david.br...@hesbynett.no> wrote: > The way you go on about "controversial American companies" and "undue > influence" suggests you think these companies are forcing their > employees on the gcc steering committee to add backdoors to gcc to > tell Facebook what projects you are compiling, or make gcc only work > well on Red Hat. That would be utter nonsense. That's utterly nonsense, I totally agree. And I'm afraid there is a language barrier here because this is NOT the kind of undue corporate influence I'm scared about. > Do you have any justification for thinking that the number of such > "concerned people" is significant? For sure: in Europe, awareness about the risks of relying on US bigtech corporations is mounting fast. The recognition of the Privacy Shield as invalid did not come in a vacuum, and despite all of the lobbying, DMA and DSA are coming. The global blackout of Google, fixed globally at once some months ago, demonstrated that all the data of Europeans are effectively accessible from Google LLC, and many many people here are realizing what incredible and unbalanced power they are collecting. Moreover, such data are accessible to the US security agency too, thanks to the various laws that do not recognize any protection to the data of non-US citizens. And while concerned, they do not even consider how spread are Google Analytics, Google Fonts or how many European's companies and agency rely on its cloud services, giving them access to even more data. And this is just Google. IBM has been problematic since its creation. And seeing how much GAFAM penetrated Free Software is concerning for really many people, all over the world. > do you think they have any reason or justification for this concern? I think so. We know Google is used to spy on their employees: https://www.theverge.com/2020/12/2/22047383/google-spied-workers-before-firing-labor-complaint And when Timnit Gebru was fired everybody learnt that Google tells his researcher what to write and what NOT to write on their papers. We know they partecipated in ICE. We know that the members of the Steering Committee use their corporate mailbox while working on GCC. So I think it's quite reasonable to expect that their employers could read the SC's secret exchanges (since they technically CAN read them). And thus they could get priviledged access to dangerous zero-days far before the end of embargo, even without the SC's members realizing it. And they could share them. And obviously, knowing that your employer CAN read the secret mails you exchange in a project you lead, will be a constant burden on what you are going to say. And writing code is not different from writing papers. > So what is it that you think these companies are doing wrong for gcc? > How do you think they are influencing it? Well on a technical level, they are rising it's complexity so much that the 4 freedoms became 4 priviledge years ago. This was NOT inevitable. But it creates a solid entry-barrier to all freedoms except the first. And it happened on ALL projects that such US corporations "support". But there are many another ways such companies could badly influence the project. For example they could weaponize it politically against people hurting their interests. When the rms-open-letter was still new, the first organizations that signed it, were all heavily sponsored by the same corporation. FSFE did not signed the attacking letter, but joined the mob with its own. I was surprised to see FSFE trying to condition the governance of another indipendent organization (something that is really rare among European no-profits, almost an unicum). But soon I realized that since 2013, the exact same US company that back the early organizations that signed the rms-open-letter, was behind 10-20% of FSFE whole incomes. Even this whole debate on the Steering Committe was started by a Facebook employee that asked for RMS removal that, promptly accorded, uncoved the US corporate influence of the GCC. > Who are all these "concerned people" ? Outside the US (and sometime even inside the US), anyone who knows a bit of history, have read Wikileaks and Snowden's documents and understand a little bit about software production and supply chain. On April 18, 2021 1:39:02 AM UTC, Ian Lance Taylor <i...@google.com> wrote: > Some of the posts here do not follow the GNU Kind Communication > Guidelines > (https://www.gnu.org/philosophy/kind-communication.en.html). > > I suggest that people who want to continue this thread take it off the > GCC mailing list. Sorry Ian, I carefully considered wherther to reply to David or not. Ultimately I thought it was important to answer his public questions publicily since lack of response could be misinterpreted, as he wrote: > If you have justification, evidence, or even a rational argument for > your concerns, please share them. If not, please stop... But it was important not only to clarify that our concerns are shared by many technical and non technical people (I personally know hundreds of them among different categories: hackers, accademics, enterpreneours, politicians and plain users), but to clarify their nature. It's not about people. It's not about their personal integrity. It's about powerful corporations with a long track record of misbehaviours and with strong ties with US DoD, that in turn has a long track record of huge ingerence in foreign politics AND of violations in human rights. I have no doubt about your good faith and good will. But I'm not naive enough to believe that good people will can balance systemic issues and perversse incentives in the environment they work. This clarification was important and in topic with GCC governance because the thread is about "removing toxic emailers" and since I was depicted as a "jerk" and "concern troll" and you mentioned the GNU (!!!) Kind Comunications Guidelines, I thought it was a useful exercise to compare my post here with them to verify if one of the toxic emailers was me. In fact, all of the political issues I expressed here are about peoples' controlling their computing FOR REAL or not. Now please, do the same exercise with Nathan's request and follow up. https://gcc.gnu.org/pipermail/gcc/2021-March/235091.html https://gcc.gnu.org/pipermail/gcc/2021-April/235267.html Please compare his mails with the GNU Kind Comunications Guidelines too. Count the violaions. Then look at what he scatenated here and tell us whose behaviour has been more "toxic" to this project. I'm sure you are going to do a fair analysis and stay in topic. It's not my intention to put shame on Nathan, but since he is looking for policies to remove "toxic emailers", I think it would be an interesting proof that people deciding what is "toxic" are going to be completely blind to certain toxicities. And this, in the long run, would perpretate and legitimate the power imbalances that led us here. Giacomo