What US based open source software should one reconsider after Jan. 20?
I'm thinking that software like Signal, Bitwarden, Firefox and RHEL is more likely to be pushed (by unconventional methods) to introduce backdoors under Trump 2.0. Less complex software that is developed by an international community is of course less suseptible.
What do you think? Will the risk be higher during Trump 2.0 or is the FOSS community diverse and international enough? Am I just paranoid and irrational?
Closed source software and cloud is of course a no brainer since always. But clompex FOSS with centralized development and hosting pretty much suffers from the same problem.
The old adage isn't just for show; if you're up against a state actor, or believe you need to secure yourself against a state actor, you're fucked.
That being said if you're not already secured against the 5/13 eyes and you think Trump makes a difference you're too naive to ever be targeted and nothing you do matters to them.
Trump makes no difference in terms of the US government attempting to breach privacy. Every anti privacy measure the US has ever pushed has been bipartisan, including the patriot act which was written by Joe Biden. You're not paranoid enough or far too paranoid.
I mean, if you want to carry that line of reasoning out, the Linux kernel is governed under a US-based foundation, so should the kernel itself be suspect?
How about FreeBSD? Or something like Debian? Or Ubuntu, which isn't US-based but they're in a typically cooperating jurisdiction?
You're def being paranoid and somewhat irrational, since it's unlikely to happen and if it did, it's not like you could trust anything at all anyways.
But the corporation that handles all their funding and owns their trademarks is in the US, so they're possibly subject to the same pressure. And of course a good number of those people in that org tree are in the US, so again, same issue.
My point was more 'this is silly, because if you REALLY think that, there's nobody and no project that's got any ties at all to the US that can be considered safe, and you should maybe get rid of all your computing devices now', rather than an intent to say that Debian or anyone there is at more or less risk.
Ditching the Linux kernel is probably a good idea. Or at least run your own fork. Which I expect that many state actors and large companies already do. Also, I suspect that we'll see more large public kernel forks sooner rather than later. Even sooner if Linus retires.
To be honest, I don't care that much for myself. Guess I wasn't completely honest in OP. I'm just a nobody who gladly exposes his soft parts in exchange for cheap and easy access cat videos and general dopamine. Rather I'm thinking about what strategies policy makers, companies, NGOs and the general public should consider, as we crash into even more exciting times.
RHEL is more likely to be pushed (by unconventional methods) to introduce backdoors under Trump 2.0.
Source is open, and every part of the build can be reproduced openly -- and every file in the deliverable is checksummed into a signed manifest. You can tell when a file is polluted or just rebuild.
Enterprise OSes are different. Levels of validation is one way.
Your not being irrational, but paranoid but I think in a good way. Many people here don't understand what horrible things may happen to disenfranchised people next year with Nazism 2.0 project 2025.
Good to learn and understand these things and figuring it out to help others. Wish more people looked into this. I may not know but makes me feel helpful others are looking into these things more