From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from 3.mo179.mail-out.ovh.net (3.mo179.mail-out.ovh.net [178.33.251.175]) by sourceware.org (Postfix) with ESMTPS id D70B2385781B for ; Sat, 3 Apr 2021 17:31:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org D70B2385781B Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=tesio.it Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=giacomo@tesio.it Received: from player786.ha.ovh.net (unknown [10.110.171.173]) by mo179.mail-out.ovh.net (Postfix) with ESMTP id 607A2194484 for ; Sat, 3 Apr 2021 19:31:43 +0200 (CEST) Received: from tesio.it (93-41-149-224.ip82.fastwebnet.it [93.41.149.224]) (Authenticated sender: giacomo@tesio.it) by player786.ha.ovh.net (Postfix) with ESMTPSA id 395B91CE97C9A; Sat, 3 Apr 2021 17:31:37 +0000 (UTC) Authentication-Results: garm.ovh; auth=pass (GARM-103G00500e4e87d-c0dd-4c5f-9c9c-99f712a40bcb, 6BC570E2D33C919F426C5D4815A76B4B92BA674C) smtp.auth=giacomo@tesio.it X-OVh-ClientIp: 93.41.149.224 Date: Sat, 3 Apr 2021 19:31:33 +0200 From: Giacomo Tesio To: Ian Lance Taylor , GCC Development , Gerald Pfeifer Cc: Thomas Rodgers , Nathan Sidwell , JeanHeyd Meneide Subject: Re: RMS removed from the GCC Steering Committee Message-ID: <20210403193133.00005b3d@tesio.it> In-Reply-To: References: <20210401011133.00001e9c@tesio.it> <20210401020415.00002c77@tesio.it> <20210402120541.000068a5@tesio.it> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Ovh-Tracer-Id: 11997026460961795798 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduledrudeikedguddulecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkjghfgggtgfesthejredttddtvdenucfhrhhomhepifhirggtohhmohcuvfgvshhiohcuoehgihgrtghomhhosehtvghsihhordhitheqnecuggftrfgrthhtvghrnhepgeetleevteehiedvffetudfhgfeifeejfffhvdfgjeejvdduieduuddtveekhedunecuffhomhgrihhnpeifihhkihhpvgguihgrrdhorhhgpdhgnhhurdhorhhgpdgtvhgvuggvthgrihhlshdrtghomhdpnhgrthhiohhnrghlshgvvgguphhrohhjvggtthdrohhrghdprghrtghhihhvvgdrohhrghdpvghurhhophgrrdgvuhenucfkpheptddrtddrtddrtddpleefrdeguddrudegledrvddvgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdqohhuthdphhgvlhhopehplhgrhigvrhejkeeirdhhrgdrohhvhhdrnhgvthdpihhnvghtpedtrddtrddtrddtpdhmrghilhhfrhhomhepghhirggtohhmohesthgvshhiohdrihhtpdhrtghpthhtohepghgttgesghgttgdrghhnuhdrohhrgh X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_50, KAM_DMARC_STATUS, KAM_EU, KAM_SHORT, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Level: **** X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: gcc@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Apr 2021 17:31:47 -0000 Hi Ian, Gerald and GCC all On Fri, 2 Apr 2021 14:25:34 -0700 Ian Lance Taylor wrote: > On Fri, Apr 2, 2021 at 3:06 AM Giacomo Tesio wrote: > > > > I'm sorry for this long mail that rivals with the original Nathan's > > request, but I wanted to back my request properly. > > This is free software. If you want to make it better, then make it > better. [...] So prove me wrong. Do the work. Well Ian, I'm glad and honoured to be appointed as a new member of the GCC Steering Committee [0]!!! :-D But now what? I'm still just one Italian hacker: all the huge imbalances that the removal of the only FSF and GNU member of the Steering Committee uncovered, are still there! > The EGCS branch that displaced and became GCC came into > existence because the people involved felt that it would make GCC > better (I was a participant myself, though not a major one). See > https://en.wikipedia.org/wiki/GNU_Compiler_Collection#EGCS_fork for a > few more details. A very interesting read, thanks! I didn't know that the Steering Committee was subject to these sort of power imbalances since 1999! It has been more than twenty years! :-o > I personally do not believe that the membership of the steering > committee is a significant cause of that problem. I would be surprised if you did! I mean, you are a member of such committee since 2 decades. And you are from the US. And you work for the biggest threat to global democracies and to all people's autonomy and freedom! But that's the fact with priviledge: if you have it, you can't see it. Yet as a C++ programmer, you will have no difficulty to properly abstract what Peggy McIntosh described in 1989[1] beyond the cultural context you share: US-priviledge is to the rest of the world, what white-priviledge is in the United States. [2] > But I could be mistaken. So prove me wrong. Ok, let's try! ;-) > This is free software. If you want to make it better, then make it > better. [...] So prove me wrong. Do the work. This is plain old open source rhetoric. https://www.gnu.org/philosophy/open-source-misses-the-point.html The GNU Compiler Collection is a GNU project and Free Software. I'm not suprised to see this sort of arguments from a FSF-less and GNU-less Steering Committee (nor from a Google employee[3]). Indeed it is what scares me so much, what makes me feel unsafe at contributing to GCC and it is exactly why I asked to fix the GCC Steering Committee after the removal of RMS. But you can see how flawed this argument is by comparing it with your own words: https://gcc.gnu.org/pipermail/gcc/2021-April/235269.html RMS was actively contributing to the Steering Committee without contributing a single line of code since years. So you proved that you (and open source rhetoric) are wrong. > If I knew how to fix that problem, I would work to fix it. Really? Well, let me do my job as a new member of the Steering Committee (:-D) and solve this problem for you and everybody else. In my original request[3], I proposed to solve it according to the recent precedent you established with the removal of Richard Stallman of Free Software Foundation [4][5], by simply removing enough employees of corporations ruled under the same legislation, until the global interests of the different economical regions and populations of the world are at least more balanced, if not more represented. But apparently you cannot decide which US-corporation should be thrown. (indeed US-corporations hold the vast majoirity of SC heads, right now). So we have two other possible approach: 1) dismantle the Steering Committee and assign its role to a benevolent dictator for life from FSF 2) ask to the Chief GNUisance to fix the GNU Compiler Collection's Steering Committee As for me, I'm not attached to power or priviledge: I'm fine with both. I happily resign from the Steering Committee right now (:-D). But to be honest, I think the second option is better. (Theoretically, adding RMS's oversight back to the Steering Committee could be a third option, since he would grant the same warranties as before, but you told he was mostly absent and didn't really followed the GCC evolution, so now I can't say if having him back would be enough anymore.) On Sat, 3 Apr 2021 02:22:08 +0200 (CEST) Gerald Pfeifer wrote: > On Thu, 1 Apr 2021, Giacomo Tesio wrote: > > Oh well, sure, but luckily the solution is just as fast and easy as > > it was to remove RMS: pick just one person for each nationality and > > remove the others. > > Why nationalities? That strikes me as a rather specific view focusing > on one of many attributes (and I believe there's more nationalities > than you might think, and a bigger variety of backgrounds). Well, this is a great question Gerald! After all, you removed RMS, that is American too! For sure there are different ways to classify people. Google, for example, revealed that they plan to build FLoCs with roughtly a thousand persons each, so we can desume they are able to segment the humanity into a milion of different behavioural groups, each responding to a particular set of cognitive manipulations (they call this large-scale automated global threat "AdTech"). So why nationalities? Well, there are a few good reasons indeed. To some degree, the people from a nation share the same history and culture, they study roughly the same topics at school, they share the same cultural environment and values, they share (on average) the same geopolitical interests and they benefit from the same power relations. Moreover they are subject to the same legislation. And some legislations are more problematic than others, for the people outside their rules. For example, the European Court of Justice had to invalidate the Privacy Shield because the US do not let US-corporation to respect the privacy of non-US people [6]. > > People all over the world, whatever their country, should be sure > > to be treated fairly and equally by the GCC leaders even if they > > want to contribute something that does not match the culture or > > interests you represent. > > I will argue that is the case as of today and would like to see > potential counter examples (if any) so that we can address those -or- > file the point above as FUD. No Gerard it's not FUD, but probabilistic risk assessment. https://en.wikipedia.org/wiki/Probabilistic_risk_assessment As you know, risk assessment is based on probability and severity of an outcome. Let's even assume that the probability of a misbehaviour in the SC is low (I think you can agree with me that it's not zero), can you estimate the severity of an espionage attack based on GCC? For sure, such severity is lower if you live in (or work for) the US[6]. But there are billions of people, millions of companies and hundreds of Governments relying on software built with GCC! Give a read at this: https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present) Then look at the GCC vulnerabilities discovered over the years https://www.cvedetails.com/vulnerability-list.php?vendor_id=72&product_id=960&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=5&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=8&sha=1983b3d9908d852bd8b1cb5901c82b110579ba01 I still remember the scandal of CVE-2000-1219 [7] and CVE-2008-1367 [8] but my favourite one is CVE-2015-5276 [9]. After the Snowden's revelations, having in the Steering Committee so many people working for companies with tight ties with the US Department of Defense, is a huge risk for everybody outside the US. Sure: they would always have plausible deniability for every bug, but... Please, do not waive this global risk as "FUD". Even if it doesn't affect you, it's a threat for everybody else. You removed FSF and GNU from the Steering Committee on request of a Facebook employee and because of RMS's "extremely offensive repugnant opinions" for some of your fellow citizens. Now I'm showing you an issue that is way more serious and hugely affects all people all over the world. We cannot afford to grant you plausible deniability on this. You promptly "fixed" the RMS issue. Please fix this too. Giacomo [0] Just kidding. ;-) Everything else being the same, my presence wouldn't change a dime. [1] https://nationalseedproject.org/Key-SEED-Texts/white-privilege-unpacking-the-invisible-knapsack [2] Indeed Trump was iconic: one of the most rich-white-straight-male among US citizens to rule the most priviledged among countries. [3] Unfortunately, Sinclair's law applies here: "It is difficult to get a man to understand something when his salary depends upon his not understanding it." [3] https://gcc.gnu.org/pipermail/gcc/2021-April/235285.html [4] GNU Compiler Collection's SC before FSF's and GNU's member removal http://web.archive.org/web/20210330171044/https://gcc.gnu.org/steering.html [5] GNU Compiler Collection's SC after FSF's and GNU's member removal http://web.archive.org/web/20210331192841/https://gcc.gnu.org/steering.html [6] I mentioned the US Cloud Act, FISA, PPD 128, E.O. 12333, etc but give a look at https://curia.europa.eu/juris/liste.jsf?num=C-311/18 [7] https://www.cvedetails.com/cve/CVE-2000-1219/ [8] https://www.cvedetails.com/cve/CVE-2008-1367/ [9] https://www.cvedetails.com/cve/CVE-2015-5276/