Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I think we should seriously consider something like a ts clearance as mandatory for work on core technologies.

Was xz/lzma a core technology when it was created? Is my tiny "constant time equality" Rust crate a core technology? Even though it's used by the BLAKE3 crate? By the way, is the BLAKE3 crate a core technology? Will it ever become a core technology?

With free software in general, things do not start a "core technology"; they become a "core technology" over time due to usage. At which point would a maintainer have to get a TS clearance? Would the equivalent of a TS clearance from my Latin America country be acceptable? And how would I obtain it? Is it even available to people outside the military and government (legit question, I never looked)?



We probably shouldn't use your code at all, is the real answer. You can get TS, it just costs a lot of money.


In United States, you cannot apply for a clearance. You must get a job that requires a clearance, then start application process and wait.


Who is "we"? Are you from the US by any chance? Do you mean that the US government should rewrite every piece of core architecture (including Linux, Ssh, Nginx...) from scratch? Because they are all "contaminated" and actually were created by non-americans.

If that's the case, you do you. Do you also think that all other countries should do the same, and rewrite everything from scratch for their government use (without foreign, for example American, influence)? And what about companies? Should they be forced to switch to their government's "safe" software, or can they keep using Linux and ssh? What about multi-national companies? And what even counts as a "core" software?

So yeah, I don't think it's a good idea.


We can keep it between NATO plus friends.


Wow, I can't decide which is the bigger act of sabotage to open source, your ideas or the actual backdoor.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: