Your words, not mine. If they were afraid of malicious code coming from these sources they would’ve removed them earlier and not only after their legal department recommend these maintainers be removed.
Open source doesn’t mean that malicious code isn’t impossible though. For a project as large as the Linux kernel it is unlikely, but see the xz-utils incident earlier this year for example. https://en.wikipedia.org/wiki/XZ_Utils_backdoor
Yes I expected that argument. My point was there was no valid reason to remove them. The xz case didn’t convince any other projects to get rid of maintainers based on their nationality after all.
It’s obviously my own opinion that what Linus did was an nonnegotiable red flag but I’d prefer to stick with it for now. I guess making this discussion political was a pretty harmful decision so I’ll remove some of my replies in order to avoid creating more drama.
