293
Debian Project Leader Addresses New Age Verification Laws (linuxiac.com)
submitted 6 days ago by cm0002@lemy.lol to c/linux@programming.dev
110 comments fedilink hide all child comments

Debian Project Leader Andreas Tille has addressed the ongoing debate over age-verification laws and their potential impact on free software operating systems. Long story short: he clarified that Debian has not adopted a position and is awaiting legal analysis.

In his latest “Bits from the DPL” message, Tille stated that the main question is whether operating systems and package distribution mechanisms might be required to provide age-related information to applications.

He noted that Debian and other projects are discussing the issue, and that Software in the Public Interest, a non-profit corporation founded to act as a fiscal sponsor for organizations that develop open-source software and hardware, has begun seeking legal guidance.

you are viewing a single comment's thread
view the rest of the comments
[-] vk6flab@lemmy.radio 29 points 6 days ago* (last edited 6 days ago)

This is what the DPL actually wrote on the subject:

Recent discussions have started around new age verification legislation that may affect free software operating systems. In particular, the California Digital Age Assurance Act (AB 1043), expected to take effect in 2027, raises questions about whether operating systems and package distribution mechanisms could be required to provide age-related information to applications. In parallel, a recently adopted law in Brazil appears to introduce similar requirements and is already in force, with initial interpretations suggesting it could apply to components such as package management tools. These developments are currently under discussion within Debian and other projects, and SPI has initiated efforts to obtain legal guidance. At this stage, the situation remains unclear, and further analysis is ongoing.

From a non-lawyer perspective, it is not yet clear how such regulations apply to a non-commercial, volunteer-driven project like Debian, which does not sell software and provides it in a highly decentralized way. It seems plausible that obligations, if any, may primarily affect redistributors or commercial entities building products on top of Debian. In such cases, Debian would as usual be open to contributions that help downstreams meet their requirements, while keeping such features optional and respecting the needs of users in other jurisdictions. However, this is an area where proper legal analysis is still required.

Source: https://lists.debian.org/debian-devel-announce/2026/04/msg00001.html

[-] tburkhol@lemmy.world 27 points 6 days ago

From a non-lawyer perspective, it is not yet clear how such regulations apply to a non-commercial, volunteer-driven project like Debian, which does not sell software and provides it in a highly decentralized way. It seems plausible that obligations, if any, may primarily affect redistributors or commercial entities building products on top of Debian. In such cases, Debian would as usual be open to contributions that help downstreams meet their requirements, while keeping such features optional and respecting the needs of users in other jurisdictions. However, this is an area where proper legal analysis is still required.

I found this part very reassuring. Being neither a lawyer nor having read any of the legislation (of which I am not a subject, anyway), the "it's not our job" approach seems very reasonable. Facilitating downstream vendors who do want/have to comply seems like an exceptional effort to show good faith to local legal processes, while remaining, fundamentally, just people freely sharing knowledge.

I hope their lawyers can make that work.

[-] Skullgrid@lemmy.world 5 points 6 days ago* (last edited 6 days ago)

I wonder what the perspective is on Systemd, which debian uses, starting to implement this shit already, ~~with the same bootlicker already ruining XDG~~

[-] ThomasWilliams@lemmy.world 1 points 5 days ago

The legislation is clear and unambiguous : an operating system must provide an age verification which is able to accessible by third parties on the internet.

From a non-lawyer perspective, it is not yet clear how such regulations apply to a non-commercial, volunteer-driven project like Debian, which does not sell software and provides it in a highly decentralized way

There's no mention of selling in the law.

[-] psud@aussie.zone 1 points 3 days ago

Which component of Debian is an operating system for this purpose? The desktop environment? The system service? They come from various third party providers

[-] vk6flab@lemmy.radio 3 points 5 days ago

And how is an operating system defined in that law?

Should this be handled at the BIOS level, the kernel level, the init level, the packaging level, the GUI level, the user login level, the user desktop level, or somewhere else entirely, like a derivative distribution with its own layers, some of which will be different from the base distro?

I'm asking because each of those levels are pretty much handled by different groups of individuals, groups and organisations in different jurisdictions, cultures and countries.

While we're talking about options on where to put this "feature", who is liable for it not being implemented?

You might have an opinion on where it "should" be, but I can guarantee you that there are at least as many opinions on where it should be as people you ask.

That's why the Debian Project is doing what it is.

this post was submitted on 04 Apr 2026
293 points (99.0% liked)

Linux

13211 readers
580 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev