One huge obstacle to open-source anything in DoD is the attitudes of their information assurance professionals. I have been told by numerous DoD IA people that "Open Source is bad because anyone can put anything in it" and "We'd rather have someone to call." I understand the second point -- we honestly don't have the time to run every last issue to ground and it's probably better if we do have some professional support for some of our most important tools. But the first just boggles my mind.
But the IA pros are, as a group, schizophrenic, because somehow people are getting things by them anyway. The system I'm working on has Python as a build dependency. The devs are creating reports using Jupyter notebooks.
Basically the DoD needs to stop being so damn obstinate about open source.
And for what it's worth, open source has been used pretty widely on the projects I've worked on - there's risk being tied to a single vendor and most acquisition orgs get that. The rare cases where we couldn't use O/S were usually situations where someone was trying to do something on Windows machines and they were trying to fly under IA's radar.
I envy you for being in an acquisition organization that gets all this. Mine doesn't.
"Publicly Releasing Open Source Software Developed for the U.S. Government", by David A. Wheeler, Software Tech News, Volume: 14 Number: 1. https://www.csiac.org/journal-article/publicly-releasing-ope...
It goes over the various rules for releasing software as OSS when the US federal government pays to have it developed.
It's very useful when arguing with IA staff regarding open source software.
Of course, if it is in python, then it seems to me the horse is so far out of that particular barn door that it is now half-way across the country...
Now yes, I am struggling with Information Assurance people and their cantankerousness, but I also have the unique pleasure of being the primary data scientist on this very large project, which is exposing me to new things every day. I just haven't had an environment for learning this rich before.
The official US DoD policy is very pro the use of open source software. The DoD's official policy on open source software is "Clarifying Guidance Regarding Open Source Software (OSS)" (2009), available at: http://dodcio.defense.gov/Portals/0/Documents/FOSS/2009OSS.p...
That policy says:
"a. In almost all cases, OSS meets the definition of “commercial computer software” and shall be given appropriate statutory preference in accordance with 10 USC 2377...
There are positive aspects of OSS that should be considered when conducting market research on software for DoD use, such as:
(i) The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team."
(Full disclosure: Dan Risacher is the point-of-contact and lead author of this policy, but I helped write the policy.)
There's also a "Military Open Source Software" (MIL-OSS) group, which is an informal group that discusses these things and works out solutions:
The claim that "Open Source is bad because anyone can put anything in it" is ridiculous. Anyone can edit proprietary software, too - just use a hex editor. The issue isn't whether it's technically possible to edit software (it always is), the issue is who has control over the supply chain. In both proprietary and open source software, there are only a limited number of people who have the privilege to determine what is accepted into the software. In addition, in almost all OSS you have a public record of who made what change (and what the change was), and everyone can see the result.
"We'd rather have someone to call" is completely legitimate. So, go hire someone. There are a lot of organizations who would be happy to take money in exchange for a person to call. It's how many companies make their living. This shift happened in the early 2000s.
To those so-called "IA" people who don't understand that open source software is a key aspect of software development today: welcome to the 21st century, perhaps you'd like to try living here.
For good talent, it's easier just to leave, get paid more, have a better life, than spend your work life arguing with irrational sandbaggers.
Our team once had to defend the decision to use OpenSceneGraph, because one PdM was convinced it could be hacked after deployment.
Regarding that point -- it's not really a dichotomy, is it? For the most popular open source projects you can nearly always find a corporation or 501(c)(3) willing to sell a support subscription. For the less popular projects, you might be able to get a subscription from individuals, if your sourcing rules allow suppliers like that.
So they use the understandable business logic of "we'd like to have paid support" to some silly and pointless purposes.
And yeah, my experience is not universal, but it's not uncommon, either, if the tales I have heard from all sorts of professionals in this world have any truth to them.
This sort of thing was exhausting. It's a lack of communication/coordination between the units. I had one office that didn't want to use DOORS (everyone else in industry and DoD that was on the project had their own DOORS servers set up already). The reason: Money and time to set up. Here's the deal, though, that one unit didn't need to take on the whole burden. There were already other projects using DOORS in the organization, someone had done the server setup and license purchasing already! "All" we needed to do was coordinate with them to share the costs so we could have access to their systems.
But no, they wouldn't even let me take on that task. They'd rather keep passing around excel spreadsheets and word documents. Clusterfuck.
Same thing with 99% of server systems. Each unit established their own enclave, rather than sharing. So the licensing costs overall were about 5-20x what they should've been. One license/purchase for 1000 users is cheaper than 20x50-user licenses (typically).
Perhaps this organization would also sign up to monitor for security vulnerabilities affecting the software, on your behalf, and would be responsible for getting you information about the patch.
Given the degree to which the DoD itself, via the NSA, has subverted open standards which have the same theoretical "many eyes" protection as open source, this isn't actually a surprising attitude for DoD to have.
Whether "no open source" is the best (or even a practicable, as the rest of your post addresses) method of addressing this concern is another question.
They use this internally.
The DoD by and large certifies SYSTEMS meaning a bundle of hardware and software. That makes sense when certifying an F-16 or an Abrams tank because they are bundled packages of hardware and software, but it is maddening when trying to work on say a web app or database.
A team I was on wanted to use a particular open source app and was told we couldn't because it wasn't authorized -- but it was bundled as part of the Oracle DBMS. So the ruling was that if we installed the Oracle DBMS on our desktops we could use it because that is how it was approved. But wait, another rule said we CAN'T run a DBMS on our desktops. ARGH!
That said it IS possible to use open source software. We use SVN and Tortoise SVN at work and it is explicitly on an approved products list. Another team is developing Java apps on Linux using Eclipse. But the only reason it is there is because an organization took the time to go through the test and evaluation process and submitted a request for approval to the network security gods (who are NOT your local IA people most likely) and waited 6-9 months for it to get through the review backlog. So it is possible, and your IA people SHOULD be in the business of helping you get to YES instead of just saying NO -- but the reality is many of them don't know how to get to yes because it can be a convoluted maze, so they just default to no for everything.
Good IA people know how to evaluate risk.
Bad IA people show up for the salary and point to a policy which says 'no' (i.e., not actually evaluating risk)
Ad-hoc proper IA requires evaluating your project according to a checklist of security controls. It could very well be something about open source doesn't fit well with those controls. The answer is to change the policy, then change the controls, and finally, pass your compliance checks.
Idk about DoD, but US Dept of Veterans Affairs is doing better with open source. Their bread&butter application, VistA, is open sourced. Their Technical Reference Model (TRM) is a catalog of approved/unapproved software. NodeJS and a lot of NPM packages are approved.
I'm currently working in a research team at NJIT's CSTR. We're looking to do a lot of raytracing for a project that we are working on. We've talked to one of our friends at JHAPL and they said they use 3 internally, 2 were DOD projects and 1 was PHARLAP. He also claimed that PHARLAP was neither the fastest nor the best and that the only reason he mentioned it was that it's not export controlled and we can get our hands on it. We've started interfacing with PHARLAP and the prognosis does not look good at all. ~12 seconds/trace, I assume because we're going from python->matlab->fortran then back from fortran->matlab->python.
Does anyone here work on those other 2 raytracers? If you do work on one of those I'd love to get an email from you to see if we can get our hands on a copy of it (either from the code.mil project or via some contract for internal use only).
If you'd like to know more my boss would love to do a telecon if you work on one of these.
We were planning on writing our own which would be a hard endeavour so if anything we'd rather just improve someone else's raytracer to include the loss calculations we need.
“This report is not about security. It’s about compliance”. Nothing more than DC turf wars.
For a brief moment, I had a mobile test automation gig. I found a device-specific bug, and we only had one unit of that device. The device was inexpensive and easy to procure. But I had to make the case about why I needed to procure another device for fault isolation purposes, and doing so was not a trivial process. It kind of felt like someone in accounts payable having to explain the need to buy more checks.
I left soon after that.
Hi, just wondering if someone could explain these points here. I don't know enough about either to know what the implication is or what the OP means.
Consistency, clarity, and understanding are what I'd like. But, these same IA people also get confused when I mention "highly technical terms" like the size of the SAN I'm planning on using.
As an aside, I dunno what a SAN is either ;-)
In this case 'suboptimal decision' is denying access to OSS.
It's a perfectly good, long established term for the people who review substantive facts and assign codes from a standard list, as is common in the medical billing field.
Let's keep using it, just not when we mean "programmers".
An analyst took business requirements and wrote specifications.
A programmer took those specifications and created flowcharts of the program logic.
A coder took the flowcharts and translated them into code on a coding form.
A keypunch operator punched the code onto cards, line by line, card by card.
So "coder" was a rather low status job, just one rung above being a typist.
Others involved in "coding" might attach a laptop to an ethernet, USB, RS-232, etc., port in an industrial machine and use command-line tools or GUIs to configure a device or monitor/diagnose a situation.
There's so much so-called "coding" that doesn't involve actual "software development" that I'm uncomfortable with the terms "coding" and "coder" ... though I'm OK with "code" (as in meat), but not with "a software code" (as in "a pork chop").
EDIT: distinction between "code" as in meat and "a code" as in a pork chop.
Anyway, software developers, computer programmers, and software engineers have no ambiguity. Shorten those if you want, but "coders" is a leap.
My goodness, within this field itself computer used to refer to a person, not a machine. Run into any ambiguity there recently?
And so I will continue to champion the language uses I want to see. E.g. internet instead of Internet, regardless instead of irregardless, "access" as both a noun and verb, programmer/developer/engineer instead of coder.
May the best word win.
Writing code isn't hard at all. I could teach someone how to write working hello world programs in a day. The hard part is architecting these projects to be readable, modular, extensible, efficient, and to follow standards.
First I tend to split the word from its meaning (because ontology matters, right?). I say "we code" just like "a driver goes back to his wheel" when we really mean his car, it's a figure of speech. Using a distinctive, hallmark part of something to refer to the entire thing (a "sail" for a boat, a "roof" for a home, etc.) When I hear a special one saying to a third party "oh he's coding", knowing she knows pretty well actual code writing is like 10% of the work, I hear "he's working, programming, doing his job/hobby". This thing.
I agree that a smug face dropping a condescending "that guy's a coder" may not be a particularly nice feeling though (but I personally hear "I'm too stupid to understand what this guy does, or I don't like doing it myself, so I'll just be a douche about it because it makes me feel better about myself", and laugh it out as you would imagine).
Then, the meaning. I come from a science background/interest, so there's code of the highest and noblest kind everywhere: DNA in bio, but also HLA; the Standard Model, and Information Theory, etc. Our reality is just a biologically-biased (i.e. "human") perception of what is, for all intents and purposes, code in the most fundamental of meanings. Even human languages are just code for our brains to communicate states.
So when I see our tiny civilization harnessing matter and energy into complex electronics, packing whole cities of transistors into powerful machines that spell a dramatically new turn in our quest against entropy (in other words one physicist's answer to "what is the goal of civilization?"), and how it's all just code... I don't know, but it inspires awe more so than anything (note that I don't care one bit how others see it, it's very personal). I see something graceful in the way we do that, in the way computer code is just our abstraction for finite state machines, just like a living cell runs on DNA and below all the cosmos runs on quantum fields. I tend to consider it a beautiful achievement that we've been able to abstract so much, so deep, considering the man hours required to replicate the activity of just one modern CPU.
Sorry for a long post, totally off topic as it stands. It's just that the social and historical perspective that gives coding a bad name rubs me in exactly the wrong way, as if it were belittling a god to say they've encoded this universe, or if the DNA in people (and links between them) wasn't just about one of the most important factors in their constitution and evolution. Code matters, as far as we know, and actually literally.
A TL;DR/ last minute poetry illustration: saying "a winery makes wine" doesn't fail to honor their work because we omitted the seven hours out of nine when they're not actually making it; on the contrary the very superior nature of the resulting nectar speaks for itself of the high nature of their trade as a whole, and it's gratifying that we don't speak of all the behind-the-scenes not-so-glamourous aspects of it.
So I make code. How's that not beautiful in every possible way? :)
IMO, programming consists of two main tasks: developing abstract algorithms to achieve desired goals and reducing those abstract algorithms to concrete code.
While both are essential, the hard, interesting, and more valuable part is the first, and "coder" captures the second.
(Software development encompasses even more tasks.)
Developer > Programmer > Coder
(Leaving aside, for the moment, the collision of "coder" with a completely unrelated profession.)
Depends on what you find interesting. I'd almost consider this an elitist attitude. Eventually, somebody has to do the actual work to implement the abstract algorithms, and it's really a lot better when you've got a talented person that cares about those nuts and bolts details and the realities of hardware and networks and runtime performance.
Sure, and that's, as I said, also an essential part of programming, which is a strict superset of writing code.
Those of us working as programmers in environments where we not-infrequently work with actual coders appreciate the distinction being preserved.
* There is no copyright and plagiarism doesn't exist. Internally to the military everything is libre to the most maximum extreme. While people do get credit for their work they have no control over that work and anybody else in the military can use their work without permission.
* Service members and employees of the military are not allowed to sue the military. As a result software written by the military has no need to disclaim a warranty or protect itself from other civil actions.
* Information Assurance protections are draconian. This is half way valid in that there are good monitoring capabilities and military information operations are constantly under attack like you couldn't imagine. The military gets criminal and script-kiddie attacks just like everybody else, but they also get sophisticated multi-paradigm attacks from nation states. Everything is always locked down all the time. This makes using any open source software really hard unless it is written yourself or you work for some advanced cyber security organization.
One of the reasons that the Feres Doctrine has not changed, even though many service members have challenged the law, is that Congress has always had the power to change the law and has not done so. In 1985 and 1986 some members of Congress tried to pass a law that would have allowed active-duty service members to sue for medical malpractice. The law did not pass. In 2009 members of Congress introduced another bill that would have allowed service members to sue. It was called the Carmelo Rodriguez Military Medical Accountability Act of 2009. The proposed law was named for Carmelo Rodriguez, a marine sergeant whose military doctors never told him about potentially cancerous tumors on his body, even though the tumors were noted in his medical records over the course of 8 years. This bill never became law. (Dec, 2011)
Just like everybody else.
That said, I think you're on to something there, and I am immediately launching my new Facebook-for-Cats venture! Wish me luck!
Tentatively named either FurrBook or PurrBook
Well, maybe...
Is there an explanation about why Unlicense is not appropriate? Or what it would take for an Unlicense derivative to meet the legal requirements? Could the laws be changed in small ways to allow US Government employees to more fully participate in open source?
"The Unlicense is a template for disclaiming copyright monopoly interest in software you've written; in other words, it is a template for dedicating your software to the public domain. It combines a copyright waiver patterned after the very successful public domain SQLite project with the no-warranty statement from the widely-used MIT/X11 license." http://unlicense.org/
I like how other commenters have included other successfully US.gov and specifically DoD open source such as BRL-CAD and NSA's Apache Accumulo.
And the DoD Open Source FAQ is interesting and something I haven't seen before: http://dodcio.defense.gov/Open-Source-Software-FAQ/
Open source and US.gov participation reminds me of what happened with NASA Nova. It was pretty sad that when OpenStack became relevant in the industry that seemed to cause a panic at NASA and they pulled completely out of OpenStack development. Instead of NASA being able to help the project stay focused on being opinionated enough to be generally useful (out of the box), NASA was too afraid about the perception of competing with proprietary commercial interests. (It was nice to see last year, all these years later, that NASA’s Jet Propulsion Laboratory is now a user again having purchased RedHat OpenStack.)
The Unlicense was not drafted by legal professionals. Please do not use.
CC0 is better. However, it still has issues in that it explicitly disclaims patent grants.
We still don't have a solid license of this class.
Has the Open Source Initiative otherwise tried to find a solution such that software works of the United States government would have a clean path to be compatible with Open Source?
CC0 may be better if you are looking for international agreement, though it seems like the patent related clause resulted in the review by opensource.org to be abandoned.
"CC0 was not explicitly rejected, but the License Review Committee was unable to reach consensus that it should be approved, and Creative Commons eventually withdrew the application. The most serious of the concerns raised had to do with the effects of clause 4(a), which reads: "No ... patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.". While many open source licenses simply do not mention patents, it is exceedingly rare for open source licenses to explicitly disclaim any conveyance of patent rights, and the Committee felt that approving such a license would set a dangerous precedent, and possibly even weaken patent infringement defenses available to users of software released under CC0."
As I understand the sequence of events, NASA didn't pull out of OpenStack because they got cold feet, the folks at NASA who drove the contribution of code from the Nebula project that became OpenStack Nova started to see $$$ and went off with the rest of their code to found the OpenNebula project as well as the OpenNebula Systems company.
The folks remaining at NASA were then left with an unpalatable choice of picking favorites between a consortium of vendors and a spin-off.
A point of correction, NASA Nebula became OpenStack Nova and one of the spin-offs was Nebula.com which folded and some of the team went to Oracle. That Nebula is completely different than (the European) OpenNebula: https://en.wikipedia.org/wiki/OpenNebula
But my understanding is that the European OpenNebula grew out of some of the same initial NASA Nebula code, and some folks went to the US subsidiary they created.
Now, while I was paying attention at the time, I didn't exactly have a front-row seat, and my memory could be wrong - three open source projects and three companies all with near identical names is a bit confusing!
And consider the 2010 paper on "A Comparison and Critique of Eucalyptus, OpenNebula and Nimbus"
The DoD, though, is still trying to feel its way around. There seem to be some lawyers there who are very hard to convince. For years, they've been asking to have various licenses and CLAs modified and we've been telling them no.
Here's their latest request for the Apache License 2.1:
Also, the DoD CIO has had, since ~2003, this excellent FAQ supporting open source:
But as people on this thread and elsewhere will tell you, that hasn't resulted in widespread support at DoD for open source.
Hopefully this helps push things in the right direction, although I'm not optimistic.
It highlights a unique aspect of Federal Government developed software: it's public domain rather than licensed based on copyright law. This facilitates reuse but complicates contribution by outside developers.
(Note: employee of DDS)
Just think back to why you studied computer science or coding. I hope it wasn't to help build spy tools on your friends & families. I hope it wasn't to help engineer destructive weapons that are dropped on innocent civilians.
Fuck code.mil, fuck lockheed martin.
edit: I've turned down VC money a while ago because I discovered they had previously sold a company to Lockheed Martin affiliate. Downvote all you want but I'm not some spineless piece of shit that will throw out principles and morals for it. I love making money but it's not worth losing your compass or soul over.
The DoD is the single largest employer in the world. This sophomoric implication that all three million people live and breathe to slaughter the innocents is downright stupid.
I respect your decision not to engage with military operations, but this bizarre ranting isn't productive, and isn't going to alter the course of wars. Consider running for office instead.
I studied computer science because it was interesting. Period. Not because I wanted to change the world, or make a pile of money.
I wrote code, as a contractor, for the army, as a way of serving my country. I know that's not a popular stance to take now that pride in one's country is not politically correct, but pride in and service to my country is something that is important to me. Don't mistake pride for blind unwavering support in everything we do like the "USA-USA" chanting folks often have. I'm more than happy to point out where we, as a country, have fucked up. We've done it quite a lot.
I have medical conditions that preclude active service. I also have a family tradition of service, both in and out of uniform. Since I could not serve in uniform like my great grandfather did in WWI, my grandfather and his brother did in WWII, or like my uncles did in Korea and Vietnam, I did as my father did and served my country by providing my skills in a time, place, and manner the DoD needed.
I'll have no decorations, no glory, no rifle salute at my funeral.
I most certainly could have made a boatload more money working elsewhere.
Yet, I don't regret it one bit.
It was something I felt I needed to do - some will understand, others, I suspect including you, won't ever comprehend
War moves humanity forward, but at a terrible price. Since humanity will never eliminate war, when someone has to pay that price, I'd simply rather it not be my countrymen (and now countrywomen).
I'm happy you've got values you're willing to stand by and not compromise.
I'm happier that I live in a country where you're allowed to call those that serve "immoral" and "spineless piece[s] of shit" with no governmental repercussions or retaliation.
I'm happiest that despite my conditions, I found a way to contribute, even if in a minor (and now most likely obsolete) way, to the defense of that nation.
It is way, way, way, more complex than that and I'm sure you know this.
I know you were just defending what you saw was a wrongful attack against yourself, but you accidentally snuck in attacks on other demographics in the process.
So what do you think of all the people working at Google, Facebook, and Microsoft? All of them are spying on everyone too.
Countless software engineers work in the web space, where much of the money for continued operation comes from advertising, which these days includes tracking and spyware.
Honestly, can you point me to anything in Silicon Valley or the tech industry that's actually an ethical business?
And even if you find someplace that isn't involved in spying, you get places like Uber where sexual harassment of female employees is encouraged and promoted.
AFAICT, if you're worried about doing work that doesn't compromise your morals in any way, and really does contribute positively to society somehow, you'll have to do something like avionics work: low-level code to make critical devices work as safely as possible. But even this has descended a lot from the military realm, so I don't think that's really safe either. You could also work on space probes, but that's a problem too because those are all built by defense contractors and research organizations that get most of their revenue from the DoD. Maybe the automotive sector.
Like you said, there's more at stake than money.
They are in the business of hurting, killing, and causing suffering.
I really can't believe the level of support HN is showing. Yesterday's thread and comments about Peter Thiel about being a POS & hypocrite for Palantir. Today, open support of defense industry is front page.
The violent actions of the US and Allied forces brought an end to the Holocaust.
Violence is sometimes necessary and morally just in self defense and in defense of those who cannot defend themselves.
Would you claim that the work of US Coast Guard after Hurricane Katrina was immoral? Is the Coast Guard "in the business of hurting, killing, and causing suffering"?
The "support" you see here on HN has less to do with hypocrisy, but instead is condemning your ill-reasoned moral absolutism.
It should now be crystal clear to everyone why it is simply not ok to bomb endlessly without congressional approval, create massive military / surveillance apparatuses and systems of secret courts with secret laws, run black sites and an enormous network of prisons all while diminishing habeas corpus, perform targeted assassinations on American citizens and foreigners alike, develop 'tactical' nukes, etc. It is crazy to allow those things to happen without speaking up (no matter who is president, Democrats), and nearing evil to directly contribute to the creation of these precedents and apparatuses. Obama is about as objectionable as Trump IMO, but the point is you never know whose hands all of this power will end up in.
It's not clear to me why this is necessary/desired. Is it because of contribution to existing works protected by copyright or something else?
From the OSI's FAQ:
> What about software in the "public domain"? Is that Open Source?
> There are certain circumstances, such as with U.S. government works ... we think it is accurate to say that such software is effectively open source, or open source for most practical purposes
What problem does this license aim to solve?
EDIT: ok this comment clears things up a bit. AFAICT it's specifically regarding a mechanism to permit foreign contributors while allowing them to disclaim liability.
> When You copy, contribute to, or use this Work, You are agreeing to the terms and conditions in this Agreement and the License.
I do not see how this is enforceable, or that it even makes sense, any more than it would make sense for me to take, say, a NASA photo and slap my own terms on it. If it's in the public domain, there's no ownership and no 'or else' to back a contract setting licensing terms.
The alternative is that I'm misunderstanding this license, of course. Where am I going wrong?
18F, USDS, and the Presidential Innovation Fellowships are philosophically related, but organizationally and functionally distinct.
(really flat top/bottom pay ratio too: private E1 gets paid $19k/yr top generals max out at $180k base - I've heard of grads fresh out of master's getting more than that at Google)
Socialism is all about reducing the effect that direct actions and agreements between individuals can have on society as a whole.
Open source is all about direct action and the unplanned dynamics that may unfold as a result.
The point is to directly control the effects of economically relevant actions and not leave it to an emergent dynamic that results from direct actions and agreements between individuals (i.e. the invisible hand).
Socialists think that it is in everyone's best interest if the government plans what work needs to be done, what resources to allocate and under what conditions the product should be made available to users, which directly contradicts the way in which open source software is produced.
In my view, the similarities between the DoD and socialism are a lot greater than the similarities between open source and socialism. Any particular open source project can of course adopt a military style command and control structure, but not the open source model as a whole.
Is there any DoD code that is both interesting and suitable for public consumption?
For things where you truly need custom code - like missile guidance systems, avionics, specific process oriented tools for crunching data (intel or otherwise), open sourcing the core application is probably not going to help anyway. One problem though is that, increasingly, people want to use open source libraries for things. Take the data crunching - people want to use R, Python, Hadoop, whatever. This is where people are running into issues. And good luck getting those tools into closed environments (e.g. classified networks) - many places do not have the resources in manpower or expertise to custom build the environments they need, so they couldn't use the newest shiny stuff even if they wanted to, even if their IA shop allowed it.
As to your last question, not a lot of examples come to mind (maybe Accumulo like someone mentioned elsewhere), but another factor is that there are few programmers that are actually DoD civil servants - most stuff is written by contractors and DoD folks don't usually have the experience or knowledge necessary to even understand what they're getting at a technical level in order to recognize that what they have is something worth open sourcing (which might take some work). I'm not saying it's bad everywhere - I have met some pretty awesome technical folks that were GS's - but it's very uneven.
(disclaimer: USAF vet and still involved with the DoD)
But I remember reading about a statement from the Pentagon that they recouped every cent they ever invested in computer science research during Operation Desert Storm, thanks to a logistics package that had grown out of said research.
And given the scope of the US military apparatus, it does not sound ridiculous.
Now, this is like 4th-level hearsay, but I can imagine such a logistics package would be quite interesting for many a company.
Forge.mil is based on the old version of the SourceForge software. The public documents say it uses Subversion, for example - there's no hint that forge.mil supports git: http://www.forge.mil/Faqs.html .