Fork time? Maybe all the anti-systemd zealots were right all along…
Edit: To address whether it is likely that this change will affect users: Gnome is planning a stronger dependence on userdb, the part of systemd where this change is being implemented. https://blogs.gnome.org/adrianvovk/2025/06/10/gnome-systemd-dependencies/
Final Edit: The PR has been merged into main.
Red Hat probably could afford to go to court over those laws. Maybe should, too. Maybe just passively ignore them until someone drags them to court for it. But all of that would be independent of this change.
And just what is that impact?
“Here, you have a space to write stuff down.” So what? If I’ll never read it or verify the contents, what difference does it make?
That every distro will inherit a field containing a birth date, whether they want it or not.
That “stuff” is a personal information that not everyone is legally equipped to deal with. In EU there are specific laws protecting storage and usage of personal information.
Your "stuff"can potentially create more problems than the ones it tries to solve, assuming good intentions.
You mean like email address, real name, location? Because those fields exist already. I’m not aware that they have ever caused any issues, even though real name and location should be more critical in a doxxing or surveillance context than “just” the date of birth.
I assure you, I don’t have my email, real name or location stored in my userdb. Nobody makes me enter them. Nobody cares. Nobody would verify if I did. What’s stopping me from entering 1970-01-01 as my DoB, if I enter anything at all?
If I’m the one storing, transmitting, querying and processing PII, I’m responsible for it. If my distro were to require email verification, proof of identity for the real name, records of my place of residence or employment to ensure the location is accurate, that would be an issue, and that would make the vendor liable for handling that data.
That is what the GDPR and related laws are actually concerned with, not the exact format or place they’re stored. Otherwise, you’d have to ban me from creating text files: I might store someone’s phone numbers in there.
I’ve been using Linux for many years and not even once I’ve seen those info being requested by the operating system.
There’s a huge difference between YOU putting your info by your own accord wherever you want (look at what people do on Facebook) and an operating system requesting those.
In case you didn’t notice, this whole ordeal is pushed by Meta to avoid being accountable for the shit they do on their platforms, they’re trying to shift the responsibility to operating systems of all things, and that’s not acceptable.
Is it though? As best as I could tell, this PR is literally just adding the field next to the others, not requesting shit.
Absolutely. I just disagree that this particular addition (particularly considering all the fuss about making sure it doesn’t show up in logs and dumps and what not) is a problem. I don’t think this is the hill that battle should be fought on. Adding or not adding it to systemd doesn’t make the OS / distro built on top of it any less responsible for their handling of that data.
It does provide a standard and (somewhat) central place to implement the security aspects of it though.
That would be the case if everyone used systemd, but it’s not, sysvinit distros still exist and they’re not going away in the foreseeable future.
I could agree with this if the reason for this PR wasn’t age verification, that’s indeed a battle that needs to be fought, on every piece of the puzzle.
That’s nice. Doesn’t change the fact that it needs to be stored somewhere, if the maintainers end up facing legal pressure to implement it. Opposing one (optional) way to store it won’t fix the issue, it’ll just result in the same splintering of competing standards we see everywhere else, with the attendant difficulties in ensuring security and quality across the board. In other things, that might matter less, but if we’re pissed about having to hand over PII to one instance, I’d be even more wary of it being stolen.
You’d be cutting off one leaf of a tree.
Are you going to oppose every other system that allows storing data too, because it might be used to store data for age verification?
No, it’s a battle that needs to be fought at the focal points: lawmakers, law enforcement, developers implementing the verification tools, companies using them.
Spending time and energy waging a culture war over the most insignificant, replaceable, trivial part of it will achieve nothing. It sacrifices all nuance and bulldozes all discussion of other merits (or issues) systemd might have.
There are legitimate, reasonable complaints to have with systemd. “We added a data field, which we’re trying to make sure doesn’t end up in the wrong hands” isn’t one.
Fuck these laws, and fuck the fascists using kids as pretense for surveillance.
Sure, but trying to apply it to the entire world when only a few countries are currently impacted is fishy at best.
And no, we don’t know yet what the entire world will do about it, even if Meta is trying to lobby everyone, there’s also a push for making opensource exempt from it, in that case those applying the PR have worked for nothing.
It depends, if the purpose is age verification then yes I will oppose it.
I didn’t have any so far, for the very simple reason that I don’t have the technical knowledge to judge by myself. This PR tho doesn’t require any tech knowledge to understand what’s going on.
The road to hell is paved with good intentions, even tho by reading the PR thread I’m not sure the intentions behind the push are actually good as you seem to believe.
That’s something I fully agree with.
Let’s hope it succeeds. Actually, let’s hope the law is overturned entirely. And while we’re at it, let’s hope Meta fails, crashes, burns and takes all its bullshit down with it, but that’s only tangentially related.
Then I’ll not tell you what I intend to use that encrypted hash I’m writing to my app’s data storage for.
Any data storage can be abused. This one is transparent about its content, but I don’t see anything implying that you have to enter anything, let alone have to enter your actual birthdate. It can be used for parental controls, it can be used for age restrictions, but if I implement age verification, where I store that data on your machine is the least of your worries.
Where I store your ID on my machine, on the other hand, should be more concerning, and even more so the fact that I need your ID at all.
We can argue whether this is necessary, whether it can serve reasonable use cases (such as voluntary parental controls), but at the end of the day, it’s such a small and exchangeable part of the system that it’s not worth the shit people give systemd over it.
I think controlled, transparent storage is better than intransparent, and any storage is only as evil as the things using it. Target those things instead.