Will FreeBSD be available in California in 2027?

[6502]

They could potentially convict/fine them, but there'd be no actually consequences for the developers as long as they stay out of areas with extradition or enforcement agreements in place. Inside the US, it can potentially get kind of complicated, but the same sort of thing should apply that CA can't compel them to follow their state law.

Do you think it is good to take such "small" risk with unknown future development... And for what - to write some free software?

 

[vmb]

If software is web browser, it will need age info and will ask the OS for that info. If the software is local Chess game or desktop calculator or word processor - it does not have age limitation and does not need this info. (This is how I understand the law.)

I guess you didn't read this bit of the California law:

(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

Installing a package from an online repository (downloading) and then using it (launching) will require the package to request a signal for age assurance and again when the application contained within it is run.

 

[vmb]

I think operating system and package developers should build in self destruct mechanisms that are executed automatically on or after enforcement date when IP geolocation detects it being used in the offending territory. This will require another clause to the license that the system owner agrees to the self destruct in order to protect THEM from using non-compliant software.

 

[vmb]

I guess the FreeBSD foundation has 13 days left to decide what it will do in Brazil. Deleting all Brazillian mirrors and geo-blocking Brazil may be the only practical method of achieving compliance before the enforcement date.

https://fpf.org/wp-content/uploads/2025/12/Issue-Brief-Brazils-Digital-ECA.pdf

 

[hedwards]

Do you think it is good to take such "small" risk with unknown future development... And for what - to write some free software?

Like I said, IANAL, but it is worth keeping in mind that it's unlikely that this will actually be constitutional in the US. And it's questionable as to whether they could extend it to developers that are writing code on other sections of the OS. But, these things can be extremely murky whenever you're talking about tech just because of how novel it can be legally.

Personally, I don't know any languages that would allow me to be directly impacted by it, but if I weren't in an area that's covered by one of these laws, I'd definitely keep contributing. If I were, that's where it gets pretty complicated as I don't expect that these laws in the US will be allowed to stand on the basis that the 1st amendment does apply to source code, I can't say the same for other countries that may not have the same protection of speech.

Most likely what's going to happen is that there will be geoblocking and possibly click throughs certifying that you're not in one of those regions, but this is a new area of laws that are popping up, so who knows what any court system is going to rule on it.

 

[hedwards]

I guess the FreeBSD foundation has 13 days left to decide what it will do in Brazil. Deleting all Brazillian mirrors and geo-blocking Brazil may be the only practical method of achieving compliance before the enforcement date.

https://fpf.org/wp-content/uploads/2025/12/Issue-Brief-Brazils-Digital-ECA.pdf

I saw that earlier, but didn't have a chance to get a source for it. This is in some ways a much bigger deal than in the US where the laws are likely to get tossed. I'm pretty ignorant about how exactly the legal system down there works as it's presumably an evolution over the system that Portugal uses which is a different tradition entirely.

The particularly big deal is that developing nations like Brazil are in a position where they can develop their software ecosystem in a way that uses FOSS options, or not. And a requirement like this is pretty easy for a commercial OS to implement, compared with opensource projects where complying may well violate the license.

 

[AlfredoLlaquet]

The US has a great tradition of national parks. Perhaps people should move out of California and the whole state could be converted into one.

 

[cy@]

The folks at Fedora have some interesting comments at https://discussion.fedoraproject.org/t/california-age-verification/.

Canonical had released a statement that they were implementing age verification then retracted it.

As I said in the hackers@ ML topic, we should wait and see what the Linux distros will do. Right now it's too early to tell.

 

[roper]

It is worth noting that the same mechanism which prevents misuse of minority owned business tags by racists will also prevent the misuse of this mandate by pedophiles in search of verified children.

 

[astyle]

This stupid law that is just the first step in further reaching surveillance, should be resisted. The first move should be to legally exclude downloading and use in California. I think it will even be necessary to remove all distribution methods (official mirrors) from California and have a contractual agreement on every download page.

I have read the actual law https://legiscan.com/CA/text/AB1043/id/3269704 and my understanding is that it will require modifications to the package repo (and all mirrors) to prevent age restricted software from being downloaded or installed by a minor, and that to achieve that, EVERY package in the repo will have to be assessed and given an age rating. This means existing packages and every time a package is updated on the repo.

This is an enormous amount of work and could even include downloading from Git repos and other software source code repositories.

It is far simpler to change the licenses to have clauses that:
1. Prohibit the use of the software in California and other territories implementing the same or similar laws.
2. Prohibit the distribution of the software to anyone in California and other territories implementing the same or similar laws.
3. Prohibit the use of the software by all branches of the State of California Government.
4. Impose a contractual agreement for financial compensation paid to the software authors, publishers and distributors that is jointly and severally bound to all offenders that do not comply with the above clauses.

Yes, this is going to seriously affect the income of those doing business in California, but there is no other way.

If you think about it carefully:

California's government is basically stuck using Windows, at least for official functioning. And Windows already has Windows Store. Android and iPhone have something similar. The restrictions apply to OSes and devices used in official, public capacity.

There are a few teenagers who use BSDs. But even so, are there any packages in existence that are actually inappropriate for teenagers? Headless browsers? Netcat? Bash? While it's true that sometimes, people are able to put together a DDOS tool from Open Source components, and deploy it without realizing what the consequences might be without proper safeguards (vm-based network), adult script kiddies can be just as bad, sometimes worse than minors.

BSDs are not cars. Operating a car requires some maturity and a license, esp. in a commercial/official capacity. That's why you gotta have a special license to operate a truck, as opposed to a personal car.

 

[ATAG]

It is currently being discussed, in the freebsd-hackers@ public mailing list.

California law CA AB1043

FreeBSD and most *NIX operating systems doesn't have accounts, just users/groups and home folders. The term "account creation" is meaningless in this context.

 

[vmb]

I think that from a legal standpoint you will find that DOS can be described as not having accounts. However, any operating system that requires authentication, to implement access controls, most certainly has accounts.

 

[6502]

I guess you didn't read this bit of the California law:

(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

This sounds strange - no exempt for any application. What means "per affected child" - is it child not protected from adult content/software or any child "affected" from non-verified age? Because the fine is per affected child.

 

[kpedersen]

I don't feel this law is truly enforceable but if they do, our packages system (being a centralised system) could be at risk but our ports collection would not be considering FreeBSD as a vendor so likely to be fine?

 

[blackhole]

If the developer is outside the US, then how does that work exactly? How does the "State of California" take action against a developer in e.g. Russia who failed to comply with this?

That surely puts the onus back on the distributor.

 

[scottro]

There's a thread on something similar going on in Brazil. https://forums.freebsd.org/threads/practical-suggestions-for-resolving-the-brazilian-problem.101913/

I kind of think as has been said earlier in this thread, it's MS and friends lobbying, saying they're worried about children, to force out open source systems. I guess a lot of it will depend upon how strictly they enforce, or if they try to single out one or two to scare others, the way record companies used to bribe their way into large settlements because someone downloaded a song.

 

[shkhln]

It is far simpler to change the licenses to have clauses that:

It's entirely illegal to change license terms without getting permission of all contributors (in the FreeBSD case some of those are dead, which further complicates things). MidnightBSD guy might believe he's allowed to, but, honestly, he's an idiot.

 

[shkhln]

Also please refrain from discussing any laws with that level of knowledge. It's pretty jarring.

 

[kjpetrie]

So is being prosecuted because you didn't understand the law.

 

[kpedersen]

It's entirely illegal to change license terms without getting permission of all contributors (in the FreeBSD case some of those are dead, which further complicates things). MidnightBSD guy might believe he's allowed to, but, honestly, he's an idiot.

It is my understanding that so long as they continue with the terms #1 and #2 laid out in the BSD license (retain copyright notices); they can certainly add their own terms, providing they do not conflict.

If you can make the code proprietary and exclude everyone, you can certainly exclude California.

If it was less permissive, i.e GPL, this would be much more difficult. And in all fairness, lots of projects are a variety of mixed licenses so this could well be the case.

 

[shkhln]

It is my understanding that so long as they continue with the terms #1 and #2 laid out in the BSD license (retain copyright notices); they can certainly add their own terms, providing they do not conflict.

He had one or two collaborators specifically on the MidnightBSD portion of the code (that the aforementioned license change aims to cover) almost 20 years ago. I bet those were not informed. What code still belongs to them is also a difficult question because of poor source control discipline in MidnightBSD.

So, depending on your point of view, the change is either done improperly or not actually applicable to any files in the distribution. Either way the license becomes unnecessarily confusing for no benefit.

 

[vmb]

I don't believe changing someone else's established license is the method intended, rather creating a new license for just the code that is NOT FreeBSD that is used to install and customise an installation of FreeBSD called MidnightBSD. FreeBSD has in its repos many packages, including ZFS that are distributed with their own license terms, different to the BSD licenses. Take a look at the pfSense and OPNsense licenses which are both products, based on FreeBSD that have their own commercial licenses. The same goes for Netflix, PlayStation and Apple.

 

[shkhln]

You are free to make your own distro and ban whatever you like, but you are proposing to do something with the FreeBSD project itself and that is not going to work.

 

[Crivens]

I think you all try to solve this with the wrong tools. You try to use sense when it is about law and lawyers. As long as we can weasel out of this in any way, do that and don't change a line. As long as the web page says f.e. "No account required to download and install, we don't provide any service either, therefore law XYZ does not apply" that is that should be done. Nothing more.

 

[kjpetrie]

You can change the terms on licences issued in future. You obviously can't change them on ones already issued, which means you can't simply replace the licence with an updated one because the one stored on any machine has to match the one under which all the software was released, not just the latest download. That is why you probably need either different versions or a statement that the added term only applies to software licensed after a certain date, but you'd need legal advice on that.

However, this is really missing the point. It's not just the OS centrally which is affected. It's every application or utility - sed, grep, vi, etc. Requiring these to be age-aware is plain bonkers, but that's what the law seems to require. Either the legislators know nothing about computing or they (or people influencing them) intend to shut down Free Software as it's clear amateurs and hobbyists can't possibly comply, and it doesn't address the problem which is with the content, not the tools used to obtain it. Instead of banning shops selling children certain products, they're telling all shops they must install special anti-child devices even if they sell only child-friendly products. Then they're extending that same requirement to friends sharing things with neighbours.

If the law required age-restricted content to contain a header identifying it as such and applications downloading content to check it and require age verification before proceeding if the header were found, that would be sensible and might address the purpose. It, and the age bands could be internationally agreed to cater for different ages of consent in different territories and that could then be provided to the applications (in a file similar to a time-zone file) to apply the correct age for each territory. Of course, children would probably find a way round that just as they will with this, but it would only apply to software on which it is relevant and not to every piece of software.

The real problem is this really outlaws the ordinary home programmer writing and sharing code and learning how to write software and becoming the developer of the future. It's taking a hobby away from the people and a future career opportunity away from the young.

However, nothing we write here or on any other FOSS forum will change anything, just as people going out into the streets and shouting slogans doesn't change governments. The only way to change this is to take political or legal action. We need to band together, raise funds and fight a legal case before this becomes so commonplace it's too late to challenge, and we need to write to politicians pointing out why this is a bad idea and suggesting a better one, especially in countries where the Constitution doesn't prevent this kind of law. The first approach might work in the US, where the first amendment applies, and the second would be needed elsewhere.