Red Hat is owned by IBM, which is one of the largest contractors for compute infrastructure and software for the US military. They’ve particularly taken an interest in ‘AI’ systems as automated target acquisition is now seen as a viable tactic following its use by Israel in Gaza.
Like bobo (rudely) said, Red Hat is what keeps the lights on for Fedora, even if its ownership is independent of RHEL. One cannot exist without the other.
On top of the many large multi-billion contracts to the DoD (like $151B for missile tech a few months ago), you can also search direct contracts to individual agencies at fdps.gov (i.e. direct contracts exclusive to the US Army, >$100,000 - you can see that Red Hat actually maintains some of their combat systems).
IBM and Red Hat also have played a significant role in the genocide in Gaza.
I’m in the same spot and I don’t have any answers haha. I’m on Fedora too, although I’ve been meaning to switch to another distro for a while now.
I think that there’s a distinction between upstream/downstream, and direct/indirect links between technologies though. The internet comes from military technology, but it’s a really broad system of protocols that itself is a communications technology. I don’t think that it’s possible to moralize the act of connecting to and exchanging data with a server; it’s more relevant what is being connected to and how those connections are being used.
I think you could also make the same argument about Linux, in the sense that many corporations contributing to the kernel (or to packages like systemd) are deeply connected to imperialism and fascism. Is it immoral to use any distro at all?
For me distinction between this line of reasoning and the discussion about Fedora / Red Hat is that Fedora is upstream of RHEL, and users participate in the process of testing and fixing issues with software that’s later used by militaries and corporations. The potential issue with this is that the user is (unknowingly) taking an active role in the production of a commodity used to kill. Even if you never report bugs, share any data, or contribute anything, it feels icky to use the distro (at least for me).
As for the age verification laws, the reality is that larger distros with corporate or non-profit owernship structures will be likely to comply out of obligation, while smaller distros might feel less pressure to comply. It’s the same with the issue of sanctions compliance, where Red Hat and the Linux Foundation had an obligation to restrict contributions from users in sanctioned countries. The issue is almost entirely top-down and in the hands of lobbying corporations like Meta. Legislation like this is made to make it feel like non-compliance means financial ruin, which may be the reality as OSS isn’t exactly profitable. I still think that compliance with it would be wrong, but it’s not like any of these distros directly participated in pushing these bills, and we still have to wait and see what comes of all this so it’s speculation. Either way I’m not super happy about Fedora right now