All the rest specialise in proprietary software, and only do open source software as a side thing. They represent open source as much as the gas industry represents renewable energies.
Also, the government should get way more in-house expertise. I am a firm believer in an all-capable administrative state which should be able to do just about anything in the economy, even if it chooses not to or can't do all at once. The government needs way more in-house programmers doing various things, and those civil servants should be in these meetings so it's not just the vultures tricking the politicians.
In general, in-house expertise should be a bulwark against regulatory capture. E.g. if HHS/FDA/NSF did its own drug development, not just drug research, the incentives would be very very different.
I disagree. ML and DL have become core parts of Meta and Google, both. And both of them do it very openly.
Meta and Google regularly contribute to open research in AI and all their tools are open source.
Meanwhile, they fund OpenSSL (https://arstechnica.com/information-technology/2014/04/tech-...) but are also funding alternatives (https://www.neowin.net/news/google-provides-funding-for-deve...).
... but in-house, in their running-on-Borg services written in Java, they have their own API for log capturing. Log4j doesn't offer nearly the level of integration to their logging and tracing fabric they need. And the Cloud Logging API has adapters for Log4j, but none maintained first-party, IIUC.
The status quo is negligence for yours, and they are not interested in proposing meaningful standards that would require redoing their stuff in a Nix/Guix style way.
This isn't just a Google thing, lots of companies were at the summit.
Obviously we all want safer and more secure software, but in reality, I feel like vulnerabilities get worked on pretty fast... not sure if we need a saviour. On the other hand, it is good that big companies that do benefit from open source software actively contribute to make it better.
So yeah. Mixed bag of feelings as with everything.
For example, Microsoft's operating system name "Vista" shadows the name of perhaps the longest-running open source software project in existence.
And Google's project name "Salsa" shadows the GitLab version control repository for Debian packages.
It's most likely pure coincidence, or perhaps imitation as a form of flattery; and probably also not infringing in any technical copyright or trademark sense.
Securing open source software will require disambiguation of software by package name. I think they could lead by example by disambiguating their own initiative names; that will be part of the problem space before too long (in other words, knowing more clearly what services and participants are involved in the overall ecosystem).
Akamai, Amazon, Apache Software Foundation, Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, Linux Open Source Foundation, Microsoft, Oracle, Red Hat and VMware
having more control or total control over open source software? Creating moats that make it harder for the average developer to contribute to the ecosystem seems like a power grab.
On the surface it is a positive with benefits for the user, but long term it could be the death of open source.
Every time a large corporate or two takes over a space, no matter what, they never give them back to them. This is turning open source over to existing powerful companies to control or kill.
At least they haven't made 'unregistered open source change' an illegal act yet, but we are closer than ever.
This will turn into yet another government-granted monopoly like telecom. Few players control the entire industry and, in return, the government can tap into their network.
Particularly the criticality score ratings seem just about entirely useless. Mostly seems to reflect different kinds of workflows. Using things like comment frequency etc will never get at the type of projects the xkcd comic in  is about.
The only thing you might complain about is the already existing problem that it's damn hard to get paid for writing good open source software, unless you work for a business like these - this doesn't really make that worse though, or at least not for the wrong reasons.
If they own the copyright and control the only source code available, they can change the license regardless of whether it is permissive or copyleft currently.
If they do only the second, they can shut down the repo regardless of the license, even if they don't change the license, and unless it's something like AGPL continue internal use.
If they don't control the only archive of source code, then even if they can change the license going forward, other people can continue to distribute and fork off from the last Free version (again, irrespective of whether permissive or restrictive.) Unless they both own the copyright and have the legal power to retract the license offer for the earlier code (contrary to the usual express terms of license grants, which may be possible if it is a gratuitous license, but even if it is may not be fully effective in all cases because of promissory estoppel.)
If you're outside sweeping your steps and I walk by and ask to see your broom for a second and then I beat you to death with your broom you aren't to blame because you handed me your broom.
If you build a broom and I ask if I can see it and you say yes you can see it and you are free to make another one like it for yourself and make more to sell for everyone else, then you can't complain about them doing it.
As for the "they didn't envision", then it's entirely their fault. If they put their code online using default copyright law, this wouldn't be allowed, they specifically picked a license that allows it.
Address the cause, not the symptom. Make it so these individuals are more capable of upkeeping their projects. Otherwise, over the long term, you'll end up with projects disincentivized to do the maintenance, leading to a weaker open-source community.
If it’s GPL or similar, the process is slower. They will probably immediately start a grand redesign which will, incidentally, not use the GPL library. In the short run, they will start a replacement implementation of the GPL library, incidentally permissively licensed. Both will take time, but usually get there.
Both of these cases are seen all the time.
If I have code where that isn't literally free labor for my business/project, I'll keep it closed source. If I have code where that's free labor but also competes with or commodifies my business/project, I'll keep it closed source or use GPL.
This sort of boils down to "only use MIT if you really mean it", right?
And most of it will be security theater that looks good but does little to actually support secure computing because at the end of the day Bob is going to plug in a USB that Mallory drops in the parking lot that says "XXX Pics".
Why would that kill your project? Presumably you’re maintaining it for your own use if it’s a hobby project. Who cares if some for-profit company who wasn’t contributing code or financial support doesn’t use it?
I think any project that's not a hobby project and is responsible for providing a quality, reasonably secure product to paying customers would prefer this. Be it a mega-evil-corp or a scrappy startup or anything in between.
But if you're a founder of such an open-source project that is getting interest from big companies, that sounds like an opportunity to get funding and turn your hobby project into a startup. Pretty sure most of those mega-evil-corps and scrappy startups would rather pay the project founder and originator than some fork.
For anyone that thinks this is hyperbole, this is already close to the current standard for shipping any executable to Windows or macOS machines today. If you want your app to run on either operating system, you first must buy certificates every year and sign your apps with them, and then you must remain in good standing with Microsoft or Apple if you don't want those certificates revoked or if you want them to be renewed.