this post was submitted on 22 Jul 2024
149 points (98.1% liked)

Opensource

[–] [email protected] 21 points 4 months ago

Yay. This is excellent news and hopefully the beginning of a trend.

No source code is perfect, and the xz utils vulnerability highlights how having everything fall to enthusiasts alone isn't perfect. Adding some state-level actors into the soup will hopefully add some additional validation to many key tool chains. (I wouldn't trust state actors alone, as some governments clearly don't have their citizens' best interests at heart, but as another set of eyes to a public source, I think it is good.)

[–] refalo 7 points 4 months ago* (last edited 4 months ago) (1 children)

Does "for the government" also include software used by the government?

I would assume a very large portion of software used by the government was not developed explicitly for it.

[–] ballmerpeaking 6 points 4 months ago

Most likely only "for". Still, a great step in the right direction.

[–] [email protected] 3 points 4 months ago

Again. There are also exceptions, so not 100% of all code will be published. Licensing is also an issue, as the law only says the owners are advised to use an internationally recognized license if possible, but it is not mandatory. And it is to be expected to be handled differently for each project.

[–] [email protected] 2 points 4 months ago

I'm pretty sure Ireland open sourced their COVID tracing app at the time they were being used. It's a pity that Google and Apple were so slow with their implementation.

[–] BB_C -2 points 4 months ago (1 children)
[–] firelizzard 1 points 4 months ago (1 children)

Obscurity is not real security

[–] BB_C 1 points 4 months ago

As predicted, none of you got what I was referring to. Although simply doing the search would have got you there.

The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns.

Also as predicted, this escape hatchet exists for skipping compliance.