IMO we should start an Office of Digital Infrastructure if we want things like software BOM and software oversight. If the government wants secure code they should write the code in a controlled environment. They can run it similarly to an open source project (take pull requests from the general public) but it should be clear that the responsibility lies 100% at their feet.
I don’t think most open source projects really inspect their dependencies that well. Lots of these projects are community/hobby things; they should be treated as such.