A lot of government stuff requires that they have complete provenance of all code in the system. When you have people contributing to it from different places - potentially different countries - they get nervous about it.
You’d think they’d also be worried about most proprietary software being a black box when it comes to their code. But it could be only a secondary concern
In an ideal world where people read the open source yes. But having contracts with a provider means someone else is responsible if shit fails and that’s half of the corporate world there.
We were restricted even on some proprietary software (especially if it was from a foreign owned company), but you’d be surprised how much scrutiny some of the major packages have had.
Why did the contracts specify that?
A lot of government stuff requires that they have complete provenance of all code in the system. When you have people contributing to it from different places - potentially different countries - they get nervous about it.
You’d think they’d also be worried about most proprietary software being a black box when it comes to their code. But it could be only a secondary concern
In an ideal world where people read the open source yes. But having contracts with a provider means someone else is responsible if shit fails and that’s half of the corporate world there.
We were restricted even on some proprietary software (especially if it was from a foreign owned company), but you’d be surprised how much scrutiny some of the major packages have had.