• TeddE@lemmy.world
    4 months ago

    Yay. This is excellent news and hopefully the beginning of a trend.

    No source code is perfect, and the xz utils vulnerability highlights how having everything fall to enthusiasts alone isn’t perfect. Adding some state level actors into the soup will hopefully add some additional validation to many key tool chains. (I wouldn’t trust state actors alone, as some governments clearly don’t have their citizens’ best interests at heart, but as another set of eyes to a public source, I think it is good.)

  • refalo
    4 months ago

    Does “for the government” also include software used by the government?

    I would assume a very large portion of software used by the government was not developed explicitly for it.

    • ballmerpeaking
      4 months ago

      Most likely only “for”. Still, a great step in the right direction.

  • earmuff@lemmy.dbzer0.com
    4 months ago

    Again. There are also exceptions, so not 100% of all code will be published. Licensing is also an issue, as the law only says the owners are advised to use an internationally recognized license if possible, but it is not mandatory. And it is to be expected to be handled differently for each project.

  • hitmyspot@aussie.zone
    4 months ago

    I’m pretty sure Ireland open sourced their COVID tracing app at the time they were being used. It’s a pity that Google and Apple were so slow with their implementation.

  • BB_C
    4 months ago

    CTRL-F security
    lol

    • Ethan
      4 months ago

      Obscurity is not real security

      • BB_C
        4 months ago

        As predicted, none of you got what I was referring to. Although simply doing the search would have got you there.

        The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns.

        Also as predicted, this escape hatchet exists for skipping compliance.