Yay. This is excellent news and hopefully the beginning of a trend.
No source code is perfect, and the xz utils vulnerability highlights how having everything fall to enthusiasts alone isn’t perfect. Adding some state level actors into the soup will hopefully add some additional validation to many key tool chains. (I wouldn’t trust state actors alone, as some governments clearly don’t have their citizens’ best interests at heart, but as another set of eyes to a public source, I think it is good.)
Does “for the government” also include software used by the government?
I would assume a very large portion of software used by the government was not developed explicitly for it.
Most likely only “for”. Still, a great step in the right direction.
Again. There are also exceptions, so not 100% of all code will be published. Licensing is also an issue, as the law only says the owners are advised to use an internationally recognized license if possible, but it is not mandatory. And it is to be expected to be handled differently for each project.
I’m pretty sure Ireland open sourced their COVID tracing app at the time they were being used. It’s a pity that Google and Apple were so slow with their implementation.
CTRL-F security
lol
Obscurity is not real security
As predicted, none of you got what I was referring to. Although simply doing the search would have got you there.
The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns.
Also as predicted, this escape hatchet exists for skipping compliance.