cross-posted from: https://feddit.org/post/4415864
The petitioner calls for the European Union to actively develop and implement a Linux-based operating system, termed ‘EU-Linux’, across public administrations in all EU Member States.
This initiative aims to reduce dependency on Microsoft products, ensuring compliance with the General Data Protection Regulation (GDPR), and promoting transparency, sustainability, and digital sovereignty within the EU.
The petitioner emphasizes the importance of using open-source alternatives to Microsoft 365, such as LibreOffice and Nextcloud, and suggests the adoption of the E/OS mobile operating system for government devices. The petitioner also highlights the potential for job creation in the IT sector through this initiative.
[Edit typo.]
But then the government is dependent on this private company again. The idea of an own operating system distribution is, to have the control and not being dependent (as far as a company goes). So its not odd at all. In fact, I am shocked that most governments in the world don’t have their own distribution. It just makes sense.
That also means a specific distribution to learn and count on across all governmental institution across all parts. They can integrate any feature, application and configure it for the EU in a government. Is there such a distribution that exists doing exactly that? Probably not. And creating a distribution does not mean they develop everything from scratch, so its not like impossible to workout.
If private companies like Steam can do it, then a government should be able too.
To make your own distro, you will need two key things: a budget and people. Given how cutting budgets is also a thing with many government things, you run into danger of lesser maintenance standards of the distro as time progresses. Be it important as it may, the institutions will have to shell out money to make and support a standardized system. Using a mainstream or larger existing distro that also covers enterprise use cases can at least offset some of these troubles. Being able to and actually making it a reality are two different things, sadly.
Um, yes. It is odd, and you get some things ass backward:
To my knowledge Linux is community driven. I can only assume that’s Murena and /e/OS you’re talking about, then? In which case, that was my point.
Yeah, makes sense to North Korea, too. I’m not sure they’re an example to follow, though.
To be clear, nation states controlling the tools that their employees and, potentially, wider population communicate and access information is a dystopian vision, and I cannot agree with that point at all.
To be clear, the EU developing an operating system for EU use is not a dystopian vision without assuming many things about the theoretical future project. The petition is asking for this for transparency and independence from an actual dystopian vision coming to fruition in a ‘forced’ Windows standard. That doesn’t really lead me to imagine a dystopian nightmare where the EU forces everyone to install their distro (A potentially comical vision on its own).
I rather like the idea that governments contribute to open source projects, sounds a lot better than the same contribution going to private institutions. The use of open source software may introduce some vulnerabilities, but those are replacing vulnerabilities that are already there. I would also imagine investment in some open source projects would encourage more development in adjacent areas, much like Valve, Proton, and gaming.
I would be interested to hear what alternative you have to solving the problems that the project in this petition is attempting to solve. It’s easy to shoot down something for not being perfect but it’s pretty challenging to come up with a theoretical proposal that pleases all.
Wow, what a way to take the most extreme POV possible on an issue.
Absolutely not. Somebody may still wade into the discussion and Godwin themselves.
It also means the entirety of the EU’s governments would be susceptible to the same vulnerabilities and bugs, and would share the same dependencies. Given recent issues with bad actors taking control of small but essential repos, this seems like a potentially dangerous security flaw.
I mean yes, but currently they’re all dependent on Windows, so its less of centralizing OSes, and more changing what its centralized on.
Okay, but when’s the last time someone created a security vulnerability by sneakily taking over a Windows dependency controlled by a single developer after pressuring them into handing the keys over with a bunch of sockpuppets?
Sure the threat model is different, I’m just saying it’s still a single point of failure.
It’s not, though. It’s a much wider potential for failure, as there are a great number of dependencies that are often left to individual developers to maintain. That may be a somewhat reasonable amount of risk when you’ve got multiple options for dependencies and no major target, but when the entire EU relies on single individual maintainers? That’s a massively exploitable threat vector. It would be absurd to assume no one will take advantage given what we’ve already seen.
It would be an extremely foolish move to put the whole EU’s security on one single set of open source dependencies. Microsoft at least has a financial and legal incentive to try to prevent straight up breaches by state actors, shitty as they may be. There’s no such resource allocation or responsibility when it comes to open source repos.
Push a switch to Linux, by all means, but security monoculture is as big a mistake as putting your eggs in any other single basket, especially one as exposed as one single distro.
They are already interconnect at various points.
Schools are connected to university networks, university networks to loval government intranets and those are again probably at some point connected to the federal network.
I don’t wanna guess where else they have connections to like the police or legislative network.
There’s a world of difference between interconnectedness and an enforced monoculture of dependencies on a wide range of insecure repos maintained by hobbyists.