Comment by fsflover
9 days ago
> software that is funded by public means, such as from universities or institutions, ought to be made fully public, including ability to tweak
Anyone who agrees with this should sign this petition made by Free Software Foundation Europe: https://publiccode.eu
While I agree with the sentiment I'm not sure this is actually viable.
For example here in Poland the previous govt invested in huge amount of software for digital govt services. From company formation, social insurance/heathcare (things like electronic prescriptions and patient data) to tax submission at all levels.
All of this is implemented using publicly documented open standards so anyone can write a client for these services, or anyone can use official Web clients, but none of the code is open source.
This is in contrast to previous governments that tried to implement all of this using proprietary standards where the companies hired were paid billions to deliver a system and they ended up owning the data exchange protocol and a client they distributed in binary only form. And they also profited from commercial software that implemented their proprietary protocols.
That worked (for the company hired)for taxes and they made billions. But for other stuff like medical, when they had no way to sell their proprietary standards they wasted billions and years of time and delivered nothing. Then subsequent govt threw the entire project out and built it on open standards.
So based on this experience I think using well documented open data exchange standards is much more important than software itself being open source.
Who cares the server side software is open source if you still can't submit your taxes with your own python script?
>None of the code is open source
Well, not all, for example mObywatel was recently open-sourced (in a ridiculous way, but still).
I think you raise some important points. In my opinion, a lot of code funded by public money should be open-sourced, but it's not as clear-cut as some people believe. I'll use this comment to point out some of fallacies that people responding to you make:
>Also open source government code means other governments can fork it, overall lowering implementation costs, while still keeping code sovereignty.
This is completely unrelated. French government won't deploy a Polish public health management website just because they found it on Github. For projects of such magnitude you need deep mutual cooperation between both governments, and a lot of changes. Making the code open-source is the least important part, the code can be just shared privately.
In fact, there are many such European code, data and information sharing initiatives. There are meetings and conferences where countries can discuss this on a technical level. The code is shared, just not via public channels.
>The government - and taxpayers - should care that having closed-source software means they are tied to the company that wrote it forever, so changes and bugfixes will be much more expensive.
If a private company owns code used by government for critical purposes and can take the government hostage it's outrageous and taxpayers should riot. This probably happens[1], but most code is either written by government itself, or at least government owns the code and can switch contractors if necessary.
In particular, AFAIR the government code we're discussing right now was written by COI (~central informatics department), which is a public institution.
[1] For example, governments use Azure and GCP, even though - to me - it's clearly shortsighted. Fortunately there was a wake-up call recently, and it changes slowly.
>> Also open source government code means other governments can fork it, overall lowering implementation costs, while still keeping code sovereignty. > This is completely unrelated.
This is an option which does sometimes happen. And there is motivation to make happen more often, at least for EU-wide services. And there is also the side that it's doesn't have to happen between countries, it could be also happen the local level, like between administration of cities in the same country. The main reasoning here is more about spreading awarness and building the mindset that sharing code on all levels and working together even on such internal tools, can be good and should be increased.
> French government won't deploy a Polish public health management website just because they found it on Github.
Some governments have also their own platforms, specifically for co-working on code accross administrations. They are usually not public for reasons.
> For projects of such magnitude you need deep mutual cooperation between both governments, and a lot of changes. Making the code open-source is the least important part, the code can be just shared privately.
You still have to put it under a licence when you are co-working, even when it's shared privatly. Open Source does not neccessaly mean that the source is automatically accessable to the whole world.
Because if everything the government does is open source by default, the standards will be open standards by default. You can then add non-default code (closed source) for some applications (health, military).
Also open source government code means other governments can fork it, overall lowering implementation costs, while still keeping code sovereignty.
So your argument here is that while the software can be open source, it matters less, if whatever the software does isn't actually an open standard? Wouldn't "being open source with own custom protocol" essentially be as open as "open source or not, but software implements open standards" anyways?
Especially for the use case they’re talking about. It makes sense to have open standards for something like filing taxes so many companies can compete.
Having source code for the tax system itself is interesting, but I think the market for “run software for processing incoming taxes for polish citizens” is exactly one.
Unless they expect pull requests, which could be fun, but as OSS maintainers know, it’s a ton of work and boy would there be a ton of spam on something like this.
1 reply →
Many protocols (even open) are complex, and partially undocumented.
It would be nice to have both (open source and open protocol), but I kind of agree that if we should push for one, an open (decently explained) standard will probably be easier, simpler and with longer term impact, not to mention the interoperability benefits between countries.
"Who cares the server side software is open source if you still can't submit your taxes with your own python script?"
The government - and taxpayers - should care that having closed-source software means they are tied to the company that wrote it forever, so changes and bugfixes will be much more expensive.
> Who cares the server side software is open source if you still can't submit your taxes with your own python script?
The management, the government and the eventually the tax payers.
If the government wants to add a small change to the tax code, if it's not an open source software, they'd have to hire the same company that wrote it in the first place. That's when the companies tend to jack up the prices to crazy numbers.
I have personally witnessed companies winning the initial government contracts by undercutting everyone and then charging them 10X for even the tiniest of modifications. Some times the companies even flat out reject the future contracts because they are stuck with a better project elsewhere and the government is stuck with useless old binary.
If the server side software is open source, depending on the policy, you can also submit your changes to that software that lets you submit your taxes with your own python script.
I think it can be a reasonable assumption that the government has access to the code, while it is not being open to the public. There is a difference between "visible to everyone" (i.e. open source) and "visible to selected parties".
Having a different company do contract work does not require the source to be open, it just requires that the government owns it (as they get to choose what to do with it then).
Also, if no company is on a payroll because they are stuck with better projects, what makes you think someone that is not familiar with the code base would accept a merge request from an unknown party? Or if it was accepted, what makes you think this wouldn't immediately be abused to create loopholes and vulnerabilities?
> If the government wants to add a small change to the tax code [...] they'd have to hire the same company that wrote it
This is a very strange statement and you probably have some specific situation in mind that isn't really representative.
Normally when you hire people to write your code they do a work for hire, unless your contract says otherwise, you own the rights. There are some minor exceptions, typically for countries that treat commercial and artistic copyright differently, but that's it. I've been hired to add changes to people's software thousands of times, and it's never been on the table that I get some kind of ownership of their source code.
The license said source code is under is completely irrelevant. Especially in this question of tax authorities. That source code is normally not under some public license at all because it's their internal processes anyway, they may change at any time and the employ a number of programmers to do so. Plus a handful of consultants.