this post was submitted on 21 Sep 2025
188 points (97.5% liked)

Ask Lemmy

34803 readers
1568 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 2 years ago
MODERATORS
Bluetreefrog@lemmy.world
TheSaneWriter@lemm.ee
TheSaneWriter@lemmy.thesanewriter.com
Asudox@lemmy.world
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
ModeratorCan@lemmy.world
neidu3@sh.itjust.works
asudox@lemmy.asudox.dev
candyman337@lemmy.world
candyman337@sh.itjust.works
188
What do you think: should all government software be open source? (lemmy.world)
submitted 6 days ago by cm0002@lemmy.world to c/asklemmy@lemmy.world
53 comments fedilink hide all child comments
 

OQB @fajre@lemmy.world

I’ve been thinking about transparency and security in the public sector. Do you think all government software and platforms should be open source?

Some countries have already made progress in this area:

  • Estonia: digital government services with open and auditable APIs.
  • United Kingdom: several open source government projects and systems published on GitHub.
  • France and Canada: policies encouraging the use of free and open source software in public agencies.

Possible benefits:

  • Full transparency: anyone can audit the code, ensuring there is no corruption, hidden flaws, or unauthorized data collection.
  • Enhanced security: public reviews help identify vulnerabilities quickly.
  • Cost reduction: less dependency on private vendors and lower spending on proprietary licenses.
  • Flexibility and innovation: public agencies can adapt systems to their needs without relying on external solutions.

Possible challenges:

  • Maintenance and updating of complex systems.
  • Protecting sensitive data without compromising citizen privacy.
  • Political or bureaucratic resistance to opening the code.

Do you think this could be viable in the governments of your countries? How could we start making this a reality globally?

top 50 comments
sorted by: hot top controversial new old
[–] jeena@piefed.jeena.net 80 points 6 days ago (1 children)

Public money, public code.

[–] thann@lemmy.dbzer0.com 10 points 5 days ago

Its really that simple

[–] mugita_sokiovt@discuss.online 46 points 6 days ago

Not only should the source code be available, but they need to be Free Software (licenses such as GPL, Apache, etc.).

[–] Adderbox76@lemmy.ca 16 points 5 days ago (1 children)

Yes. Public money public code and all that.

However...

For security reasons, I wouldn't feel comfortable if every one who wanted to could just contribute to it. It would need to be a closed developer group with security clearance. We can all look at what they're doing, but we can't insert our own patch commit requests to them ad nauseaum.

[–] bitwolf@sh.itjust.works 6 points 5 days ago

That's entirely possible in the existing open source model with things like CODEOWNERS in github. I think it would work well for this concern.

[–] nuggie_ss 16 points 5 days ago

Public money, public code.

[–] TootSweet@lemmy.world 21 points 6 days ago* (last edited 6 days ago)

Yes, I think all ~~government~~ software should be FOSS.

(Ok, ok. Not all. I don't think it should be mandatory to distribute software. But if you do distribute software, I think the source code should be required to come with it and there shouldn't be any intellectual property restrictions on modifying it or distributing it, with or without modifications so long as you include the source code. Aside from that, distributing versions with malware included without sufficiently advertising that fact should be considered some sort of fraud or vandalism.)

But I'm under no illusion that there's any likelihood of that happening any time in my lifetime. One can hope, though.

Of your "possible challenges", the first two are complete fiction. FOSS would make it easier to properly maintain and update systems, complex or otherwise. And databases and code are two different things. Beyond that, I'll say that distributing software only in compiled form doesn't make anything more secure or hide anything about how the code works.

Edit: Oh, I also think a right to attribution is a good thing. It can be done poorly. (Like some of the earlier BSD licenses that would result in pages and pages of attribution for a single code project.) But done well, I think it's a worthwhile thing.

[–] bacon_pdp@lemmy.world 14 points 6 days ago (2 children)

Yes. Public funds for only public code. Any and arguments involving security are invalid.

Ken Thompson’s nightmare scenario was solved by a couple people who were enjoying their hobby in their free time and not by any of the military programs that have to date spent over $22 Billion and have achieved far less.

[–] stephen@lazysoci.al 10 points 6 days ago

Public funds spent on anything that generates something that could be considered “intellectual property” should be public domain. Beyond software my first thought is pharmaceutical and general medical research.

[–] Danitos@reddthat.com 4 points 5 days ago* (last edited 5 days ago) (1 children)

Ken Thompson’s nightmare scenario was solved by a couple people who were enjoying their hobby in their free time

Could you elaborate further, please? I didn't found anything about this story

load more comments (1 replies)
[–] BastingChemina@slrpnk.net 8 points 5 days ago

I agree, all software developed or used by governments should be open-source.

There might be few cases where there is a legitimate reason for it not to be open source (no open source software available, need a proprietary software for running old legacy equipment ...). In this case the decision should be voted on and the arguments exposed publicly.

[–] themaninblack@lemmy.world 3 points 4 days ago

Any even partially publicly funded government code should be open sourced, just like the new rules for public funding and publishing of scientific research. If people actually paid attention this would crush my former local government department.

[–] FaceDeer@fedia.io 8 points 6 days ago

Do you mean software created by the government, or simply used by the government?

In the US, I believe the standard is that the software would be public domain if it's an official government publication.

[–] tal@olio.cafe 9 points 6 days ago (2 children)

What do you think: should all government software be open source?

No. I think that there are some things that should very much not be open source or even have binaries distributed, stuff like things like software used for some military purposes. You wouldn't want to distribute it with abandon to the world any more than you would the weapons it drives or is used to create.

[–] humanamerican@lemmy.zip 5 points 6 days ago (5 children)

Open source only requires source distribution with binary distribution, so the software can be open source and still not publicly distributed. It just means if its ever declassified, the source will be required to be distributed along with the software itself.

load more comments (5 replies)
[–] BrianTheeBiscuiteer@lemmy.world 2 points 6 days ago

I'd say that kind of thing should fall under a label of being "Classified". If it's something like a recruitment page for the Army that shouldn't need any kind of classification.

[–] freeman@sh.itjust.works 6 points 5 days ago

Why would it be more difficult to maintain and update a complex system?

They don't have to accept outsider contributions on their mainline nor employ less people to work on it.

[–] percent@infosec.pub 7 points 6 days ago (2 children)

Some, but probably not all. Seems like it would be a bad move to open-source all military software.

[–] humanamerican@lemmy.zip 13 points 6 days ago (2 children)

Why? Open source only requires sharing the source when sharing the software. No distribution of software - no distribution of source. But if they are gonna sell software to other militaries or civilian contractors, we have a right to know what they're selling.

And no, hiding your code doesn't generally make your software more secure.

[–] percent@infosec.pub 9 points 6 days ago (1 children)

It just seems like a bad tactic. For example, if the US gives Ukraine some software that helps them fight Russia, it's likely tactically advantageous (to Ukraine) if Russia doesn't have the source code.

Of course, it doesn't mean Russia couldn't do some reverse engineering to some extent. But that takes time, and likely wouldn't be as complete/thorough as just handing them the source code.

[–] humanamerican@lemmy.zip 3 points 6 days ago (1 children)

If the DoD gives some ooen source software to Ukraine they are required to give the source code to Ukraine - not to Russia.

[–] Lumidaub@feddit.org 2 points 6 days ago (1 children)

Trying to understand what you're saying: how is that open source then? It sounds like you're saying giving the source to Ukraine only would suffice.

[–] humanamerican@lemmy.zip 1 points 5 days ago (1 children)

That's exactly what I'm saying. Go read the GPL and you'll see that's what it says too.

[–] magic_lobster_party@fedia.io 1 points 5 days ago (1 children)

You’re confusing GPL with open source. Not all open source software is GPL.

The general discussion in this thread is if source code to government software should be publicly available. Not if government software should adopt GPL.

[–] humanamerican@lemmy.zip 2 points 5 days ago

Its not just GPL. MPL, BSD work this way as well. And the original post refers to open source, not "code available to all". Come back with a commonly used open source license that enforces what you're describing and maybe you'll have a point. Otherwise, why are we arguing about things that can just be looked up?

[–] magic_lobster_party@fedia.io 3 points 6 days ago (1 children)

It’s generally not a good idea to make military technology accessible to the enemy.

load more comments (1 replies)
[–] Battle_Masker@lemmy.blahaj.zone 2 points 6 days ago

that could be solved by encrypted military plugins/addons that have their own security measures

[–] beejboytyson@lemmy.world 2 points 4 days ago (1 children)

Couldn't people look through the code for exploits?

[–] stoy@lemmy.zip 6 points 4 days ago

Yes, that is a very good thing.

It would mean that we a have a lot more people who can find exploits, report them and repair them.

Sure, some would find exploits and use them, but you would have more people finding and fixing them

[–] hello_cruel_world@lemmy.world 5 points 6 days ago (1 children)

Within reason.

A nice little application to calculate tax and benefits? For sure.

A detailed model on how a nuclear attack would behave depending on the wind direction and tidal waves? That shit needs to be kept secret.

[–] thann@lemmy.dbzer0.com 3 points 5 days ago

That should def be open source

[–] rodsthencones@startrek.website 5 points 6 days ago (1 children)

I don't have a source, some looking will find it, but NASA used to have to be in the public domain. Now they partner, and the partner gets the patents. I know the Apollo soyez mating hardware was public domain, and apas docking is still.

I also seem to remember that research paid for by the USA, used to have to stay public.

I don't have a source to quote, just memory.

There really is no good reason for not being open source.

[–] betterdeadthanreddit@lemmy.world 3 points 6 days ago

Federal Research Public Access Act of 2006, perhaps? (Archived)

[–] callyral@pawb.social 4 points 6 days ago

yeah i think all government software available to the public should be free and open source.

[–] FreedomAdvocate@lemmy.net.au 2 points 5 days ago (1 children)

Firstly do you mean software that the government uses, or that the government make? What about if they hire an external company to make it, which is pretty much what they always do?

I don’t think there is any need. It wouldn’t solve any problem or make anyone safer.

[–] chaospatterns@lemmy.world 1 points 4 days ago (1 children)

Even if an external company makes it, they can add an open source mandate if they want. The US DoD is starting to mandate the usage of open standards for their contractors to increase inter compatibility and ability to extend those systems.

Open source software has some value like making it easier for analysts to find security issues and the act of open sourcing software usually leads organisations to raise the quality because they don't want to be ashamed of the code. Plus imagine the clout gained by a dev who got a bug fix merged in that millions of citizens get to use.

[–] FreedomAdvocate@lemmy.net.au 1 points 4 days ago

Even if an external company makes it, they can add an open source mandate if they want.

Sure they could, but like I said, the're isn't really any need for it. It being open source doesn't make it more secure or better by default, but it does means that anyone wanting to exploit it just got handed the full codebase to make it easier.

[–] WolfLink@sh.itjust.works 3 points 6 days ago

Software developed by government funded research is typically released open source in the US.

[–] PixeIOrange@lemmy.world 2 points 5 days ago

Imagine governments adding to foss. Would be awesome.

[–] magic_lobster_party@fedia.io 3 points 6 days ago

Another can of worms is dealing with proprietary technology. A lot of software is built in partnership with private companies. They likely don’t want to give out their competitive edge for free.

I think more government software should be open source, but I don’t think it’s possible to make all software open source.

[–] rowinxavier@lemmy.world 2 points 6 days ago

Yes, in the same way all research funded by the public should be open. If you pay for a dataset to be gathered and only one team gets to use it you have wasted money. Make the dataset open, make all the methods open, and it can be used multiple times, increasing the return on investment. In the same way if someone is working on security auditing for something like OpenSSH anyone who uses it benefits. You pay once for the work but get benefit for all who use it.

This also makes standardising easier because of the common tools so you can have cross department access without unnecessary technical barriers. For example, making a standard format for data in a SQL database means you can access multiple datasets and correlate them, allowing the study of important issues with minimal fuss. You can even create standards for accessing this data to make it much safer to use without exposing people's personal information.

On the flip side you could have Microsoft and other similar companies decide what is worth investing in and just hope their system will work. If there is a security issue you just have to wait for them to patch it assuming they identify it. If they stop supporting something you can't keep using it with external support because you don't have the code.

Honestly, it is also a national security risk. Using a vendor from another country means you have someone who can access your data with software you cannot audit who is potentially influenced by the government of another country and you just have to trust them. I cannot understand the use of Windows in military applications. Honestly, asking the fox to guard the hen house. Why would you let the USA have access to your systems with the plausibly deniability of a company like Microsoft in between? Sounds like lazy writing for a military fantasy novel, not modern foreign policy.

[–] vk6flab@lemmy.radio 2 points 6 days ago

I think all public funds that generate data and/or software needs to be public.

The notion that maintenance is an issue is a red herring. Proprietary software purchased by government requires ongoing support contracts right until the vendor discontinues the product and leaves the public funds to prop up another billionaire.

Open source would also stimulate the economy since businesses could benefit from the project and use or apply it to their use, something which currently requires more investment with the same vendor.

[–] PM_ME_VINTAGE_30S@lemmy.sdf.org 2 points 6 days ago

All publicly available software should be free and open-source, ten toes down.

load more comments
view more: next ›