I’m thinking that software like Signal, Bitwarden, Firefox and RHEL is more likely to be pushed (by unconventional methods) to introduce backdoors under Trump 2.0. Less complex software that is developed by an international community is of course less suseptible.

What do you think? Will the risk be higher during Trump 2.0 or is the FOSS community diverse and international enough? Am I just paranoid and irrational?

Closed source software and cloud is of course a no brainer since always. But clompex FOSS with centralized development and hosting pretty much suffers from the same problem.

    • schizo@forum.uncomfortable.business
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      24 hours ago

      Well, yes, it does: https://www.debian.org/intro/organization

      But the corporation that handles all their funding and owns their trademarks is in the US, so they’re possibly subject to the same pressure. And of course a good number of those people in that org tree are in the US, so again, same issue.

      My point was more ‘this is silly, because if you REALLY think that, there’s nobody and no project that’s got any ties at all to the US that can be considered safe, and you should maybe get rid of all your computing devices now’, rather than an intent to say that Debian or anyone there is at more or less risk.

      • wildbus8979@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        24 hours ago

        While the organizational structure exists, it isn’t represented in a legal manner like a 501c3.

        Software For The Public Interests is, but they only handle trademarks and like you said some rare funding.

        • schizo@forum.uncomfortable.business
          link
          fedilink
          English
          arrow-up
          4
          ·
          23 hours ago

          Sure, but the way this usually works is that the government tells you to do something and if you don’t, they’ll find someone (or a couple of someones) on that list, arrest them, and charge them with a crime.

          Doesn’t matter if they did the crime, and it doesn’t matter if they’d be convicted, but the play is to keep your friends in jail until you capitulate to what they want. This is actually something that’s happened with tech companies before, like what they did with GoDaddy’s C-level in India.

          The problem is that there’s no damn way I’d want to be arrested by the upcoming US administration, because I’d bet $100 that their playbook will portray not doing what they’re demanding as a national security or terrorism offense, and if you’ve been watching ANYTHING for the last damn near 25 years, that’s a free pass for them to basically just vanish you until they feel like doing otherwise.

          It’s fantastic leverage against organizations that have US people and are, presumably, not willing to just let their friends spend who-knows amount of time in prison, and could probably result in some cooperation.

          And I’m about to both get downvoted and WELL AKSHULLY’d about how you can’t just vanish people under the US justice system, and sure, you’re technically correct. Except we’ve passed law after law after law since 9/11 that have basically given the government the ability to do any damn thing they please if they call you a national security risk or terrorist, up to and including Gitmo, in case you’ve forgotten that existed: which you shouldn’t have, because we STILL have prisoners sitting there.

          This is doomer as fuck, and horribly unlikely, but so is a demand to stuff backdoors into everything. But, if we head down that road, the only safe software will be ones that can’t be blackmailed like this which is essentially none of the major projects.