203
Artix isn't going to comply with age-gating.
(forum.artixlinux.org)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 Mar 2026
203 points (97.2% liked)
Linux
63789 readers
1488 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
First Artix made me not vulnerable to the XZ backdoor (requires systemd). Now it saves me from age verification nonsense. Even on Lemmy sentiment seems people who avoid systemd are just cranks. But every time we are right.
Iirc, the XZ backdoor was specifically targeting RH and Debian, which for some reason link libsystemd into OpenSSH. Afaik even upstream Arch was unaffected, not just Artix. The exploit code, though non-functional, still made its way onto your system (assuming you updated when it was in a release version).
I'm not defending systemd though, it's clear that Poettering's goals do not align with the rest of the Linux community. I'm saying that Artix not being affected by the XZ backdoor is not a good argument for why to use Artix or avoid systemd.
It's like saying "Linux doesn't get malware" because most desktop malware targets the OS with the largest desktop userbase, Windows. This alone doesn't suddenly make Linux "better". That doesn't mean there aren't other reasons to avoid Windows.
It saves you from what exactly? As a rational crank, surely you have an explanation.
Unless you use xdg-desktop-portal, the field that systemd added does absolutely nothing.
It's an optional information field for user accounts, systemd doesn't require that it is filled nor does systemd do anything to verify or check the field. User accounts also store e-mail and location and you are free to not enter that information or to enter fake information.
I don't see the vulnerability, especially considering that you're comparing it to an SSH vulnerability (which, it should be noted, was caught in testing and never released).
The rational is systemd has a huge amount of features that normal desktop users will never need. If you use something like OpenRC or Runit the experience is not much (or any) different. All those features will introduce complexity and potential bugs and vulnerabilities.
Sure it doesn't add much, but many of the systemd things are 'not much'. But together it is a lot.
Luckily it was the case, but it was way too close for comfort. It doesn't change the fact that bloated systems like systemd are what enable these types of attacks. If you use many of its features I'm sure its great, all software has bugs and holes in it. But the point is that if you don't need the features you don't need to expose yourself to the extra bulk and risks. Same for things like sudo vs doas. Almost everyone uses sudo but 99.9%+ doesn't use any features that doas doesn't have. And then of course systemd invents its own alternative 😅.
And then there is the Unix philosophy. If we need age verification, why does it need to be in the init system? Why not a separate package that can be installed along side any init system / kernel / desktop environment / etc? If it lives in the init system, every init system needs to implement their own version of it.
I understand the arguments against systemd. It isn't just an init system and it fulfills multiple roles, which goes against the Unix philosophy.
That being said, systemd does store user information. Since this issue requires the storage of additional user information, in order to comply with the law, the systemd team are making their software compatible with complying with the law.
Ultimately, it's the end user who gets to determine how the software is configured. You can ignore the birthdate field and systemd will not do anything to prevent you from doing so. systemd doesn't require the data in order to operate, it doesn't verify the data and it doesn't prompt you to enter the data. The consequences of ignoring this addition are exactly zero.
It's simply there because a law exists and users of systemd (like xdg-desktop-portal) require a location to store the data.
I hate the age verification laws and think they're going to cause more problems than they claim to solve. I'm not cheering on these laws, I'm simply pointing out that attacking systemd for adding an optional field in order to allow compliance isn't rational.
Aim the ire at the people making the laws, not the volunteer developers who are following laws even if they don't like them.
I think the issue outside of capitulation is the matter of systemd's obligation or lack thereof to make this change. Systemd by law isn't required to do anything. xdg-desktop-portal more so is, but that raises a bigger question: Why is a jurisdiction specific requirement being rolled into this? Do all jurisdiction specific requirements need to be loaded for optional use? Why is this being shunted to xdg-desktop-portal to handle the brunt of this?
Ultimately the PR was closed and for this very reason:
Expanding on that, the outright shortsightedness of the request is made more clear further into that discussion: https://github.com/systemd/systemd/issues/40974#issuecomment-4018655808
Most of what systemd does isn't based on an obligation, it's based on creating a system that fulfills the needs of the users of the software.
xdg-desktop-portal was adding age verification and the logical place to store that information is in the user's records. systemd is the project which xdg-desktop-portal looks to for storing user records and so systemd added a field to support xdg-desktop-portal's requirements.
Like I've said elsewhere, I don't agree with the age verification laws... but they do exist. The software developers in the various projects are attempting to comply with them (or not, as in the OP) in their own ways. Nothing that systemd is doing here will affect you unless you want it to. The field is optional and not verified by systemd in any way (other than ensuring that it's an ISO 8601-compatible date).
The contention was that the field would only work for complying with a single state's law and the data wouldn't be useful to comply with other laws. For example, if a state defined an adult as 18 and another state defined an adult as 16 then simply storing 'Adult: [True|False]' would require individual fields for each legal jurisdiction. So it doesn't meet the specifications globally.
To fix this, the PR that was merged stores a birthdate and leaves it to the application to determine how to use that information for compliance. Here's the merged PR:
https://github.com/systemd/systemd/pull/40954
I totally get what you are saying, and I don't think we are really in disagreement about anything here. This is just my personal point of contention.
Its opening a can of worms for xdg-desktop-portal and systemd for something that they don't need to or shouldn't need to act on. If they make this change then: If the Afghani govt issues a request for gender, they should include that in userDB as well then. If Colorado's new law requires age data to be held differently or different format, they will need to include that as well then. COPPA already exists, so do they need to further change how they store this data? If a new federal law is passed for age verification, they will need to support that on top of the existing state laws. Should it be jurisdiction specific? EU laws might state you can't arbitrarily store this data, so now you need to check operating geo. Which jurisdictions do you honor? Which do you ignore?
Its optional until made so convoluted that its required. I think what's so interesting to me is how this all goes back to a 30+ year old debate on the UNIX philosophy.
Oh yeah, this is totally a can of worms that I don't think we should be opening.
I just channel that into yelling at politicians, the FOSS devs are on our team they just have to make the best of a dumb situation.
Yet. it's a foot-on-the-door to demand more stuff, and some distros have already shown they are going to merrily open up their arses and ours.
This is something being created in response to laws being passed by politicians, it's not a secret plot by systemd and distro maintainers to... whatever it is that you're implying.
This is about as scary as the realName, emailAddress or location fields. They're completely optional and not validated in any way. You can call yourself Linus Torvalds set your e-mail address to gaben@valve.com and your location to Mars... nothing about the system is going to check or care if you're lying. Similarly, now you can set your birthdate to April 20th 69BC if you'd like. It doesn't mean anything.
e: I lied, it has to be ISO 8601 compliant so anybody born before 1900 is ineligible for Linux, smh
Literally nobody: https://en.wikipedia.org/wiki/List_of_the_verified_oldest_people
AFAICT even the oldest unverified person was born in 1900 https://en.iz.ru/en/node/2061564?main_click
Someone in the future may be born before 1900, we can't know for sure.
Honestly wouldn't be surprised if the slippery slopers claim that this is just the first step, eventually they'll make it ban anyone born before 1970, then 2036
To be fair, when it comes to both physical and digital fascism, every time the slippery slopers have been told they are sloping and exaggerating, they are actually proven right.
And when people are exaggerating and lying about what laws are actually being passed, they always yell slippery slope, and get to sneak off silently when actually proven wrong. L
I've been slippery sloped already in one of these conversation threads.
Oh they passed a law that doesn't require age verification?
But what if they passed it as a pretext to pass a different law later to kill your nan.
It's disappointing to see the lack of good conversation around this isn't due to tool limitations or reddit being terribly moderated, but rather there are a lot of people who genuinely just want to invent stuff to get mad about and if you point out that isn't what's happening they'll just yell slippery nipples the sky is falling!!! Over and over.
Whatever happened to the EU meme law that was widely misinterpreted on reddit as the end of the world, I guess nothing.
Hot takes and creative fiction is more entertaining than boring reality and that behavior is enforced by social media systems (like likes). It isn't fun to read 'they passed a law that's largely symbolic' as 'The end of the Internet is upon us'.
Outrage and self-righteousness feel good and appearing cynical is a cheap way to look intelligent.
Alternatively, something like half of social media traffic was shown to be bot-sourced and a goal of adversarial influence campaigns is often to simply stir up conflict so I keep my sanity by believing that a good portion of them are not actual human people, just evil LLMs trying to piss everyone off (and a lot of the rest are simply people who've been fooled by the false consensus into aping those same bot tactics and/or literal children)
Some topics, like discussions around AI, are so heavily toxic that I find it hard to believe that it isn't being signal boosted in some way.
xzutils doesn't require systemd.
I doesn't but the exploit required it.
xzutils does not require systemd, I'm not sure where you're getting this from.