February 5th, 2021 at 1:32 PM
Google is proposing changes for “critical projects” in terms of the norms of what developers do. Among those are things that make sense, such as forcing two-factor authentication. Some of them not so much, like forcing a sort of registry for any contributors or not allowing anonymous contributors. But perhaps more worrisome is that they want TWO independent third parties to be required to review all changes. (They also want these third parties to dictate what can, and can’t, be changed. And this is absolutely ridiculous.)
It is totally antithetical to the spirit of open source, along with everything it stands for. It’s taking away the freedoms that made open source so powerful, forcing and allowing third party companies to control the destiny of large scale projects.
They claim that this is under the guise of security, and that it reduces vulnerabilities and increases trustworthiness. But let’s think about that, because Google itself has benefited immensely from open source. One of the largest companies in the world has benefited from the huge community of projects that are available for free, thanks to the developers who had the freedom to create wonderful things. They chose to use those projects and have contributed to their popularity.
And it’s not unwarranted. There is a reason open source dominated the mobile market, the server market, and the IoT market. One of the most prominent reasons is security and stability. This is the reason we don’t use closed-source options such as Windows (as often, at least). These critical open source projects are already being used by Google (and many others) because they are much more secure and trustworthy. So when Google wants to come in and force developers, many of whom are working for free, to jump through hoops and red tape that are antithetical to open source, it’s not security they are concerned about. The outcome isn’t security, it’s influence. Google is fully capable of developing their own options or forking projects if THEY want to control the destiny of those projects.
The whole thing is just against the entire spirit of open source. If you don’t trust the package, don’t use it. If you think a critical package isn’t maintained in the way you want, then fork it. It’s YOUR responsibility to do that in open source. Not your responsibility to get red tape involved and strong-arm them into paying third parties. No. As a multi-billion-dollar company, it’s YOUR responsibility to contribute.
Honestly, just not so sure about this one. What are your thoughts?