
You may have been seeing some news lately about a law in California that requires OSs to do age-verification on their users.

This bill, beginning January 1, 2027, would require, among other things related to age verification with respect to software applications, an operating system provider, as defined, to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed. The bill would require a developer to request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

Assembly Bill No. 1043

I am pretty paranoid about this stuff. When I first saw articles about this a few days ago, I was somewhat surprised that it hadn't made a bigger splash when it was passed. So I went and read the law. I'm no lawyer, but it seems like all it requires of the OS is to get the user to enter a birthdate when they install the OS on the device. As far as the age-verification stuff we have been seeing, this seems pretty tame. Just make up a number.

Then I came across this post on Linux development mailing lists. This is the kind of mess that gets made by these age-verification laws:

At its core, the law seems to require that an "operating system" (I'm guessing this would correspond to a Linux distribution, not an OS kernel or userland) request the user's age or date of birth at "account setup". The OS is also expected to allow users to set the user's age if they didn't already provide it (because the OS was installed before the law went into effect), and it needs to provide an API somewhere so that app stores and application distribution websites can ask the OS "what age bracket does this user fall into?" Four age brackets are defined, "< 13", ">= 13 and < 16", ">= 16 and < 18", and ">= 18". It looks like the API also needs to not provide more information than just the age bracket data. A bunch of stuff is left unclear (how to handle servers and other CLI-only installs, how to handle VMs, whether the law is even applicable if the primary user is over 18 since the law ridiculously defines a user as "a child" while also defining "a child" as anyone under the age of 18, etc.), but that's what we're given to deal with

The whole email is worth reading even if just to get a sense of what this might mean for your favorite distribution.

104 sats \ 0 replies \ @adlai 6h

I skimmed it. I'm not a lawyer of any sort, however it seems even their definitions don't hold water.

e.g.,

(i) “User” means a child that is the primary user of the device.

Could anyone just make the entire thing irrelevant by declaring that the primary user of the device is not a child? Nobody has required that computers be secured like firearms, although maybe that's next...

104 sats \ 0 replies \ @unboiled 9h

It's unenforceable.

Just bureaucrats on a lawmaking spree to claim they're saving the children or whatever the current thing is.