

Open source — Government Service Design Manual - pythonist
https://www.gov.uk/service-manual/making-software/open-source.html

======
mmahemoff
Even the manual is open-source <https://github.com/alphagov/government-service-design-manual>.

I suggested a comment on Saturday afternoon by Twitter; it was passed on via
an @ mention, and I was told it would be updated Monday. This is government
IT, but not as we know it.

~~~
jiggy2011
How long until the entire .gov IT infrastructure gets owned because some civil
servant decided to accept a pull request with an obvious backdoor?

~~~
LeeHunter
Could you describe any plausible scenario in which one pull request could
compromise the entire .gov IT infrastructure?

~~~
jiggy2011
Wow, where to begin?

~~~
LeeHunter
Anywhere. Just one.

~~~
jiggy2011
exec()

~~~
LeeHunter
That's just code, not a scenario. Government IT systems are currently subject
to oversight, testing, comprehensive threat risk assessments etc. Those
controls don't disappear just because the software is open source. Right now
it's not possible to just deploy new code, open source or not, into a
production environment on a critical piece of infrastructure without review.
If anything, the open source code should be significantly more secure, because
you have added an additional layer of public review, testing and comment.

~~~
jiggy2011
Let's hope you are right.. :)

The UK gov does not have the best record with IT projects.

------
asselinpaul
Wow, makes me proud to live in England. This is the way forward. Employees in
most cases don't care whether they are given Windows or Linux as an OS.

------
ollybee
It's been mentioned here before but worth pointing out again. The UK
government has an official github account: <https://github.com/alphagov>

