Important open source projects should not use GitHub (2020)

(unixdigest.com)

68 points bitbasher | 1 comments | 15 Apr 25 02:18 UTC | HN request time: 0.216s | source

Show context

cookiengineer ◴[15 Apr 25 08:13 UTC] No.43690232[source]▶

- Lessons from open source in the Mexican government [1]

- Europe as a software colony (documentary) [2]

The TL;DR is: If a diplomat from the US is at your doorstep and wants to doxx, eh... talk to, your CEO, you're doing exactly the right thing.

[1] https://lwn.net/Articles/1013776/

[2] https://www.youtube.com/watch?v=duaYLW7LQvg

replies(1): >>43690666 #

sublimefire ◴[15 Apr 25 09:24 UTC] No.43690666[source]▶

>>43690232 #

You need to understand how government buys software. Nobody prevents any company to propose the smallest possible price by utilizing OSS. Yet this is not happening because all of those pushing the idea do not really do anything and actually help their governments locally.

Another important factor is that gov workers rarely have enough skills to run OSS software, they are understaffed. And, it is difficult to integrate OSS with the existing systems.

Finally there is a question about responsibility and control. If you get a 0-day in OSS, who will patch it and who has the rights to push that patch? It is about managing risks.

replies(1): >>43690728 #

1. guappa ◴[15 Apr 25 09:33 UTC] No.43690728[source]▶

>>43690666 #

What happens with a 0day in windows? Ah yes it gets fixed much much later.

If you think large entities always do the efficient and rational thing, can you explain why governments of countries that are not the USA depend on software that is controlled by a hostile superpower?

↑