top | item 39876592


shnkr | 1 year ago

>The relationship with commercial vendors isn’t always healthy, but many major OSS projects are supported to a significant extent.

Almost always the so-called "community" supporting an OSS project is an employee of a commercial vendor who is only interested as long as he is assigned to the project or task.

The solution is to have full-time owners and maintainers for all the critical projects, and the government has to foot the bill. The government can set up a division to identify such projects.


diogocp | 1 year ago

Government: launches a years-long covert operation to take over maintainership of critical project in order to insert a backdoor.

HN comments: the solution is for government to maintain these critical projects.

kaliqt | 1 year ago

That's a likelihood it would seem.

hnaccount_rng | 1 year ago

I mean, getting an actual government agency with an appropriate mission specified by law _would_ help. Both from a recruiting point of view (you get sufficiently ideologically motivated people), but also from an accountability point of view. These agencies are ultimately responsible to someone. And the law has that nice property of knowing who and how to hurt those people. So yeah. Getting a (or the) government to maintain OSS infrastructure definitely would help. And it would probably also prevent this kind of thing, as it would be far, far too risky to attempt.

gizmo686 | 1 year ago

I'm amazed we have gotten this far without something like that happening. Critical infrastructure is built on top of this pile of software that is all being maintained by. If every major piece of infrastructure (power plant, water treatment plant, etc.) would dedicate 1 full-time engineer to 1 open source dependency that they use, there would be more than enough manpower to solve it.

forgotmyinfo | 1 year ago

We can't even support actual critical physical infrastructure anymore, like roads, bridges, and the power grid. And that stuff has very obvious immediate consequences when it breaks. Try explaining to your local octogenarian senator what xz is and why OpenSSH shouldn't just be funded by whatever spare change we find in the couch cushions.

GabeIsko | 1 year ago

Governments will just outsource it to commercial contractors at this point.