U.S. DoD Open-Source FAQ (2021), https://dodcio.defense.gov/Open-Source-Software-FAQ/

  Both entirely new programs and improvements of existing OSS have been developed using U.S. government funds. There are far too many examples to list; a few examples are..

  Security-Enhanced Linux (SELinux) 
  bind’s implementation of DNS security (DNSSEC)
  BSD TCP/IP suite - Provided the basis of the Internet

A recent (2019) example is Ghidra, https://ghidra-sre.org.

> The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns.

How big of a hole is this going to be?

> One of the critical aspects of this law is encapsulated in Article 9, which not only mandates the disclosure of source code but also allows public bodies to offer additional services related to support, integration, or IT security, provided these services align with public tasks and are offered at a cost-covering remuneration. This provision ensures that while fostering OSS, the government can also maintain a competitive balance and avoid market distortion .

Finally, government getting into the SasS action.

It seems "security concerns" has become a catch-all these days for "we don't want to do it".

A court would likely decide that the supplier is in malicious non-compliance and may be able to assign financial penalties.

So it's important that the penalties are significant enough to deter non-compliance.

Good observation! That's the standard waiver lopohole the size of a truck.

Remember the net neutrality law? In principle providers should not be able to block the smtp port. Except they do. In the Netherlands they block this with Ziggo. Except they don't. Cause they open it again if you pay more for the business version.

Most public sector code is not made public for the shame it would bring the country.

We need a CRAPL fork https://matt.might.net/articles/crapl/

Eh nothing shameful about code that does the job

I think that’s the problem. In so many cases, it doesn’t do the job.

Good! And good luck with that.

I think Brazil made noises like this for a short time some years ago. I don't think it went anywhere but it is clearly the sane ideal, and is just a failing that we don't have it. A normal failing like countless others, bit still a failing.

To me it never made sense for any public facilities to rely on anything the public couldn't at least audit, let alone modify to remove any artificial private-serving restrictions like undocumented file formats and artificial lack of inteteroperability with other software and old versions of the same software etc.

Maybe eventually this will be a thing, but will probably take forever.

Assuming this doesn't really stick long term, at least it seems that very gradually, more municipalities are trying.

Sooner or later maybe it will start to stick, maybe only in some smaller places at first that can get away with being opinionated and principled, and too small for MS and Oracle to fight too hard over.

But those may beget a few others. Maybe once tiny town down the road does it, slightly larger town realizes they could too. And then maybe you have a world where say 2% of public official things don't use Office or Oracle etc.

That starts to make it important for everyone else to support agnostic compatibility as a real thing they actually have to support instead of just forcing all their users to use Edge or Chrome or Office etc.

And once that starts to happen, once most services and products actually work with firefox and libreoffice etc, it makes it less crazy and unimaginable for some larger less hippy idealist municipalities to actually consider the principled argument. They have less ammo to shoot it down.

What ia your perspective on why this failed implementation in Brazil?

Was it because mon compliance was not punished ? Or perhaps there was no system tontest for compliance?

There was a push from the government itself to buy open source but not to require companies to publish or make their sources available. Not sure if this was what the OP was talking about.

It was later undone because providing support for these alternatives sucked (open office and the like), people didn't want to use tools they had no experience with and corruption, as the big players could just bribe people to buy closed source software.

Curious how they plan to enforce this. Will they be auditing their own organizations? Are theg requiring govt organizations to go through some kind of review before they're allowed to deploy new software? Are they relying on whistleblowers? Or is this basically just a declaration with the expectation that their organizations will act in good faith going forward?

It would be good if they mandate public sector own their own source code, build procedures including on future hardware, tests, documentation, etc and rights to grow it further.

Disclosing to public is secondary but useful.

I would love for the gov.uk source code to be public. It’s some of the best software I’ve ever used, let alone software in the public sector.

The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns.

"unless precluded by third-party rights"

Oh. Well then. Nothing to see here.

I agree. Every vendor is going to build software by making 90% of it a proprietary library and then 10% a wrapper around that which is useless to everyone. Also literally any application that uses authentication could argue that it’s a security concern to release code