Why did the contracts specify that?
A lot of government stuff requires that they have complete provenance of all code in the system. When you have people contributing to it from different places - potentially different countries - they get nervous about it.
You’d think they’d also be worried about most proprietary software being a black box when it comes to their code. But it could be only a secondary concern.
We were restricted even on some proprietary software (especially if it was from a foreign-owned company), but you’d be surprised how much scrutiny some of the major packages have had.
In an ideal world where people read the open source, yes. But having contracts with a provider means someone else is responsible if shit fails and that’s half of the corporate world there.