Per the very first reply on their thread discussing it in their forums, which I linked directly to for the post title:
We’ll NEVER require any verification or identification from the user.
However, what’s gonna happen should the attempts to age-gate the XDG portal screw over alt-init distros like Artix too? My guess is maybe they start blocking regions which force age gating like Arch Linux 32 is doing.
I understand the arguments against systemd. It isn’t just an init system and it fulfills multiple roles, which goes against the Unix philosophy.
That being said, systemd does store user information. Since this issue requires the storage of additional user information, in order to comply with the law, the systemd team are making their software compatible with complying with the law.
Ultimately, it’s the end user who gets to determine how the software is configured. You can ignore the birthdate field and systemd will not do anything to prevent you from doing so. systemd doesn’t require the data in order to operate, it doesn’t verify the data and it doesn’t prompt you to enter the data. The consequences of ignoring this addition are exactly zero.
It’s simply there because a law exists and users of systemd (like xdg-desktop-portal) require a location to store the data.
I hate the age verification laws and think they’re going to cause more problems than they claim to solve. I’m not cheering on these laws, I’m simply pointing out that attacking systemd for adding an optional field in order to allow compliance isn’t rational.
Aim the ire at the people making the laws, not the volunteer developers who are following laws even if they don’t like them.
I think the issue outside of capitulation is the matter of systemd’s obligation or lack thereof to make this change. Systemd by law isn’t required to do anything. xdg-desktop-portal more so is, but that raises a bigger question: Why is a jurisdiction specific requirement being rolled into this? Do all jurisdiction specific requirements need to be loaded for optional use? Why is this being shunted to xdg-desktop-portal to handle the brunt of this?
Ultimately the PR was closed and for this very reason:
Expanding on that, the outright shortsightedness of the request is made more clear further into that discussion: https://github.com/systemd/systemd/issues/40974#issuecomment-4018655808
Most of what systemd does isn’t based on an obligation, it’s based on creating a system that fulfills the needs of the users of the software.
xdg-desktop-portal was adding age verification and the logical place to store that information is in the user’s records. systemd is the project which xdg-desktop-portal looks to for storing user records and so systemd added a field to support xdg-desktop-portal’s requirements.
Like I’ve said elsewhere, I don’t agree with the age verification laws… but they do exist. The software developers in the various projects are attempting to comply with them (or not, as in the OP) in their own ways. Nothing that systemd is doing here will affect you unless you want it to. The field is optional and not verified by systemd in any way (other than ensuring that it’s an ISO 8601-compatible date).
The contention was that the field would only work for complying with a single state’s law and the data wouldn’t be useful to comply with other laws. For example, if a state defined an adult as 18 and another state defined an adult as 16 then simply storing ‘Adult: [True|False]’ would require individual fields for each legal jurisdiction. So it doesn’t meet the specifications globally.
To fix this, the PR that was merged stores a birthdate and leaves it to the application to determine how to use that information for compliance. Here’s the merged PR:
https://github.com/systemd/systemd/pull/40954
I totally get what you are saying, and I don’t think we are really in disagreement about anything here. This is just my personal point of contention.
Its opening a can of worms for xdg-desktop-portal and systemd for something that they don’t need to or shouldn’t need to act on. If they make this change then: If the Afghani govt issues a request for gender, they should include that in userDB as well then. If Colorado’s new law requires age data to be held differently or different format, they will need to include that as well then. COPPA already exists, so do they need to further change how they store this data? If a new federal law is passed for age verification, they will need to support that on top of the existing state laws. Should it be jurisdiction specific? EU laws might state you can’t arbitrarily store this data, so now you need to check operating geo. Which jurisdictions do you honor? Which do you ignore?
Its optional until made so convoluted that its required. I think what’s so interesting to me is how this all goes back to a 30+ year old debate on the UNIX philosophy.
Oh yeah, this is totally a can of worms that I don’t think we should be opening.
I just channel that into yelling at politicians, the FOSS devs are on our team they just have to make the best of a dumb situation.