The systemd project did not “force” (did not even ask for!) its dynamic library being included in OpenSSH.
Systemd just offers a helpful service readiness mechanism, which Debian package maintainers happily chose to adopt as an integration mechanism for the SSH daemon.
If I had been a Debian package maintainer at that time, chances are that I’d have added the systemd dependency (and by extension, xz) to OpenSSH too.
Systemd’s readiness/sd_notify mechanism just happens to be extremely helpful, so in principle the Debian maintainers didn’t do anything wrong by adopting it (except in hindsight).
As a general observation, userdb has very little to do with systemd. Yes, an implementation is provided by systemd but you can create users to populate your userdb by dropping JSON files (edited with vi, in the correct format, with the correct naming) in a correct directory (and I have tested this and it works since I bothered to install the relevant package on account of this topic).
At the end of the day, the law applies to whatever it applies to. An ahole government could just ban any non-compliant computer from the internet. Is that your stand? Do you think your ISP will defy the government in order to support you or do you think the ISP will meekly cave in and leave you off the internet?
Don’t get me wrong. I see where this could go. I see the negatives. I don’t even like the current law.
Sure, but the time for the fight is before it becomes law. Once it is law, it is unlikely that any company is going to stand up for you.
Yes, you can vote for any politician who says that s/he will vote to repeal the offending law.
Apple has already implemented this and it is, apparently, live in at least one country (ironically, not the US). It is still completely optional but if you decline to “prove” your age to Apple then you are treated as a child. For 90-something percent of apps / web sites, it won’t make any difference. Personally I would be fine for Apple to continue to treat me as a child i.e. I don’t have to surrender any (more) information to Apple.
However if we reach the point that Apple moves the dial so that it is no longer optional and Android is doing the same, it isn’t necessarily in our interest to opt out. Not only are you easier to fingerprint but you are easier to discriminate against.
To avoid fingerprinting, I recommend that all Linux users who are adults specify their birthDate as 1 Jan 1970.
Although as this patch isn’t available to me yet, I don’t know whether the new field is just a date or a full date/time. Realistically, no user is going to be asked to enter a full date/time.
Just a caution for anyone who is messing around with userdb … the way it is implemented, which doesn’t look right to me, by dropping a JSON file in the right directory it is possible to lock yourself out of your computer …
specifically if the JSON file pertains to yourself and the JSON file does not contain a copy of your password hash details (copied from /etc/shadow but in the right format).
I expected that userdb would merge the fields from the multiple sources. That does not appear to be the case. Instead it appears that one source just has priority over / masks another, for any given user record.
No drama though. Just live boot and temporarily rename the offending JSON file.
