[HN Gopher] OSQI
___________________________________________________________________
OSQI
Author : speckx
Score : 17 points
Date : 2024-04-02 20:27 UTC (2 hours ago)
(HTM) web link (www.tbray.org)
(TXT) w3m dump (www.tbray.org)
| axus wrote:
| Sounds like a cushy job for three-letter-agency employees, block
| the flaws your adversaries add and go soft on the ones your own
| agency added, or at least slow down the process of catching it.
| SwellJoe wrote:
| If transparency were taken seriously, that wouldn't be an easy
| task. And, if it were multi-state, either via multiple states
| having such an organization or via a collaboration of states
| and organizations who don't all agree about protecting
| backdoors for the FBI/CIA/whatever.
| akira2501 wrote:
| > It's an organization created by a national government.
|
| Why? What about this requires the power of "government?"
|
| > Obviously, more nations than one could have an OSQI.
|
| Contributor agreements are about to get way more parsimonious and
| annoying.
|
| > There would be no suspicion that your employer is trying to
| enshittify anything
|
| Nation states use software and knowledge of zero days to commit
| espionage against each other. He can't be serious with this.
|
| > Yeah. Except for, I no longer speak with the voice of a
| powerful employer.
|
| Yeah, but you speak with the same tone.
| artwr wrote:
| Not the original poster but:
|
| >> It's an organization created by a national government.
| > Why? What about this requires the power of "government?"
|
| Budget mostly. I don't think the power of government is
| strictly required. There are some private organizations which
| try to take care of the commons (Hiya, Mozilla!), but it's
| still by and far hard to fund. Why not use public funding for
| this?
|
| > Contributor agreements are about to get way more parsimonious
| and annoying.
|
| Why? I don't think the project necessarily needs to be owned by
| the organization, right? In which case, nothing changes to the
| contribution model.
|
| > Nation states use software and knowledge of zero days to
| commit espionage against each other. He can't be serious with
| this.
|
| That's true, but it's not as if there was no tension there.
| Significant backdoors could have impacts on the economy of some
| nations which are therefore incentivized to keep things running
| smoothly. You can play offense and defense at the same time.
| SwellJoe wrote:
| What would motivate its existence if not government?
|
| Google has Project Zero, but it's quite limited in scope,
| mostly focusing on things in Google's supply chain. What other
| evidence is there corporations will fund the scale and scope
| needed to secure the whole ecosystem (that everyone depends on
| at this point, Open Source won)?
|
| Lots of the security-related organizations that currently exist
| merely find and report exploits, often even asking for
| compensation from the maintainer of the software for reporting
| it (even if it's a bullshit report:
| https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-f...).
| Putting more work on volunteers isn't a reasonable ask.
___________________________________________________________________
(page generated 2024-04-02 23:00 UTC)