I’ve been thinking about transparency and security in the public sector. Do you think all government software and platforms should be open source?
Some countries have already made progress in this area:
- Estonia: digital government services with open and auditable APIs.
- United Kingdom: several open source government projects and systems published on GitHub.
- France and Canada: policies encouraging the use of free and open source software in public agencies.
Possible benefits:
- Full transparency: anyone can audit the code, ensuring there is no corruption, hidden flaws, or unauthorized data collection.
- Enhanced security: public reviews help identify vulnerabilities quickly.
- Cost reduction: less dependency on private vendors and lower spending on proprietary licenses.
- Flexibility and innovation: public agencies can adapt systems to their needs without relying on external solutions.
Possible challenges:
- Maintenance and updating of complex systems.
- Protecting sensitive data without compromising citizen privacy.
- Political or bureaucratic resistance to opening the code.
Do you think this could be viable in the governments of your countries? How could we start making this a reality globally?
Firstly do you mean software that the government uses, or that the government make? What about if they hire an external company to make it, which is pretty much what they always do?
I don’t think there is any need. It wouldn’t solve any problem or make anyone safer.
I believe yes but they are going to say something about national security. Even though all the proprietary software they used gets hacked and has leaks anyway oof
Yes. Public money public code and all that.
However…
For security reasons, I wouldn’t feel comfortable if every one who wanted to could just contribute to it. It would need to be a closed developer group with security clearance. We can all look at what they’re doing, but we can’t insert our own patch commit requests to them ad nauseaum.
That’s entirely possible in the existing open source model with things like CODEOWNERS in github. I think it would work well for this concern.
Public money, public code.
I agree, all software developed or used by governments should be open-source.
There might be few cases where there is a legitimate reason for it not to be open source (no open source software available, need a proprietary software for running old legacy equipment …). In this case the decision should be voted on and the arguments exposed publicly.
Public money, public code.
Its really that simple
Imagine governments adding to foss. Would be awesome.
Why would it be more difficult to maintain and update a complex system?
They don’t have to accept outsider contributions on their mainline nor employ less people to work on it.
Not only should the source code be available, but they need to be Free Software (licenses such as GPL, Apache, etc.).
Do you mean software created by the government, or simply used by the government?
In the US, I believe the standard is that the software would be public domain if it’s an official government publication.
Yes, I think all
governmentsoftware should be FOSS.(Ok, ok. Not all. I don’t think it should be mandatory to distribute software. But if you do distribute software, I think the source code should be required to come with it and there shouldn’t be any intellectual property restrictions on modifying it or distributing it, with or without modifications so long as you include the source code. Aside from that, distributing versions with malware included without sufficiently advertising that fact should be considered some sort of fraud or vandalism.)
But I’m under no illusion that there’s any likelihood of that happening any time in my lifetime. One can hope, though.
Of your “possible challenges”, the first two are complete fiction. FOSS would make it easier to properly maintain and update systems, complex or otherwise. And databases and code are two different things. Beyond that, I’ll say that distributing software only in compiled form doesn’t make anything more secure or hide anything about how the code works.
Edit: Oh, I also think a right to attribution is a good thing. It can be done poorly. (Like some of the earlier BSD licenses that would result in pages and pages of attribution for a single code project.) But done well, I think it’s a worthwhile thing.
Yes. Public funds for only public code. Any and arguments involving security are invalid.
Ken Thompson’s nightmare scenario was solved by a couple people who were enjoying their hobby in their free time and not by any of the military programs that have to date spent over $22 Billion and have achieved far less.
Ken Thompson’s nightmare scenario was solved by a couple people who were enjoying their hobby in their free time
Could you elaborate further, please? I didn’t found anything about this story
Public funds spent on anything that generates something that could be considered “intellectual property” should be public domain. Beyond software my first thought is pharmaceutical and general medical research.
Within reason.
A nice little application to calculate tax and benefits? For sure.
A detailed model on how a nuclear attack would behave depending on the wind direction and tidal waves? That shit needs to be kept secret.
That should def be open source
What do you think: should all government software be open source?
No. I think that there are some things that should very much not be open source or even have binaries distributed, stuff like things like software used for some military purposes. You wouldn’t want to distribute it with abandon to the world any more than you would the weapons it drives or is used to create.
Open source only requires source distribution with binary distribution, so the software can be open source and still not publicly distributed. It just means if its ever declassified, the source will be required to be distributed along with the software itself.
If the source isn’t publicly available, it’s not open source. It sounds like you’re suggesting that the software remain closed source until some later date where it then becomes open source.
You don’t get to redefine open source. It’s always been about giving the source code to whoever you give the software.
Making it publicly available is an acceptable alternative to fulfill that obligation.
That is simply not true. Go read a few open source licenses and see for yourself. They only require that the source code be distributed with copies of the software itself. The code is not required to be made available to the general public.
A few references:
Generally, open source refers to a computer program in which the source code is available to the general public for usage, modification from its original design, and publication of their version (fork) back to the community.
https://en.wikipedia.org/wiki/Open_source
The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost, preferably downloading via the Internet without charge.
The term open source refers to something people can modify and share because its design is publicly accessible.
https://opensource.com/resources/what-open-source
having the source code freely available for possible modification and redistribution
https://www.merriam-webster.com/dictionary/open-source
I haven’t read any open source licenses, so it’s possible you are correct in some technical sense, but that is not what people mean when they use the term open source.
Clearly the OP was using the common definition, or most of the post wouldn’t make any sense.
The only one of your sources that directly contradicts what I am claiming is the Wikipedia line about the source being publicly available. But that is inaccurate. All the major open source licenses require source code be available to anyone who has access to the executable form of the software - not the public in general. So, if some FOSS software is available to download on the Internet without any restriction on its access, then so must the source code. Most FOSS software is distributed this way.
However, if you write software under an open source license, you are not required to share that software with anyone. The license requires you to distribute the source ALONG WITH the software. But it doesn’t require you to make the software freely available to everyone, or anyone.
Tying back to my original point, which has been derailed by myriad people who refuse to read before thinking they know things, I was saying that we don’t need exceptions for military software because it can be licensed as open source without that code being handed over to our enemies. But requiring it to be open source would, for example, preclude the DoD from building kill switches into the F-35s that they sell to our allies, because they’d be required to share the design of the plane’s control systems along with the product - again, only to the people who receive a copy of the product - not to the public at large.
I’d say that kind of thing should fall under a label of being “Classified”. If it’s something like a recruitment page for the Army that shouldn’t need any kind of classification.
Some, but probably not all. Seems like it would be a bad move to open-source all military software.
Why? Open source only requires sharing the source when sharing the software. No distribution of software - no distribution of source. But if they are gonna sell software to other militaries or civilian contractors, we have a right to know what they’re selling.
And no, hiding your code doesn’t generally make your software more secure.
It just seems like a bad tactic. For example, if the US gives Ukraine some software that helps them fight Russia, it’s likely tactically advantageous (to Ukraine) if Russia doesn’t have the source code.
Of course, it doesn’t mean Russia couldn’t do some reverse engineering to some extent. But that takes time, and likely wouldn’t be as complete/thorough as just handing them the source code.
If the DoD gives some ooen source software to Ukraine they are required to give the source code to Ukraine - not to Russia.
Trying to understand what you’re saying: how is that open source then? It sounds like you’re saying giving the source to Ukraine only would suffice.
That’s exactly what I’m saying. Go read the GPL and you’ll see that’s what it says too.
You’re confusing GPL with open source. Not all open source software is GPL.
The general discussion in this thread is if source code to government software should be publicly available. Not if government software should adopt GPL.
Its not just GPL. MPL, BSD work this way as well. And the original post refers to open source, not “code available to all”. Come back with a commonly used open source license that enforces what you’re describing and maybe you’ll have a point. Otherwise, why are we arguing about things that can just be looked up?
It’s generally not a good idea to make military technology accessible to the enemy.
So you didn’t read my comment before replying?
that could be solved by encrypted military plugins/addons that have their own security measures
