cross-posted from: lemmy.dbzer0.com/post/51040952
I’m moving away from using products by big tech and I recently started using EnteAuth for 2FA. Today I got an email from them saying that they received money as part of GitHub’s secure open source fund. Maybe I’m just being paranoid but I do not like this at all. Microsoft is not altruistic I don’t care what anyone says. There has to be an ulterior motive for this. With even the recent news that github won’t be so independent anymore and they’re getting folded into the Microsoft umbrella this has me worried. But let’s be real github was never independent just look at copilot being forced down everyone’s throat. That’s why I personally stopped using it.
According to the fund
Throughout this program, each project receives $10,000 USD via GitHub Sponsors (which breaks down to $6,000 USD during the sprint and $2,000 USD at 6- and 12-month security check-ins). Projects are also invited to a new security focused community, and office hours with the GitHub Security Lab, that they can take advantage of during the full 12 months. They also receive security resources to immediately implement in their project and Azure credits for cloud infrastructure.
Those sponsors include
Alfred P. Sloan Foundation, American Express, Chainguard, Datadog, Herodevs, Kraken, Mayfield, Microsoft, Shopify, Stripe, Superbloom, Vercel, Zerodha, 1Password
Projects that are part of this even include nodejs, nvm, log4j, JUnit, and Matplotlib. Taking cybersecurity seriously is great but this just seems like a way to sucker them into their ecosystem to get them dependent on their products. Like I said maybe I’m being paranoid but I wouldn’t be surprise when Microsoft suddenly buys these projects and we lose what made them so great.
just_another_person@lemmy.world 16 hours ago
You may as well just stop using computers all together, bud 🤣
I don’t mean to ruin your world view, but there are no ways to run anything you want to run by focusing on “altruistic companies”, however you may subjectively define that.
Look, you’re focusing on the wrong thing here. Maybe you didn’t know this, but the massive majority of FOSS projects get funded by companies - either for consulting, feature bounties, IC development - and is a main driving force for the ecosystem.
Many in this ecosystem would even tell you that every single project is massively UNDERfunded by said companies, and they should kick in more to help keep these projects secure and in good standing. They make billions and billions of dollars off people’s work, and it surely seems they should kick some of that back to the projects.
Whatever Microsoft’s involvement is here, it’s not going to be changing the direction of any of the projects mentioned. If for some reason something untoward starts happening with any project: boom, fork and new community. It’s that simple.
In short, these people getting funding for their work is a good thing. If you take issue with who is providing that money, you’re going to be digging a deep, deep hole in your research, and if you’re running down the dep chain, you’ll find out that all of the things you use have some funding by companies like Microsoft, Apple, Google, Facebook, IBM, Red Hat, Amazon, Alibaba, Halliburton, Qualcomm…I could keep going on and on.
WhyJiffie@sh.itjust.works 16 hours ago
I think you misunderstood OP. their complaint is not that these projects should search an altruistic donor… but that Microsoft is suspicious in doing this, because arguably they rarely have good intentions.
let’s hope so
easier said than done.
I think OP (and me too) is worried about the terms. like, can these projects abandon github without repercussions? can they start using another code forge in parallel?
just_another_person@lemmy.world 16 hours ago
Uhhh, repercussions like what? They’re getting small amounts of money for specific work. Up front. What repurcussions could there be for project moving to Gitlab, for instance?
abrasiveteapot@sh.itjust.works 10 hours ago
…wikipedia.org/…/Embrace,_extend,_and_extinguish
OP has a reasonable concern, Microsoft has had a troubling past history, and embrace extend extinguish hasn’t gone away, just look at the office file standards shenanigans.
It’s certainly the case that the purchase of github is intended to create a platform that has network effects (making it hard to leave).
Microsoft has proven many times that their participation in FOSS tends to come with a catch or an intent to subvert.
kennedy@lemmy.dbzer0.com 15 hours ago
yes exactly, my problem is not the money. These giant tech firms have use free projects all the time without any support at all. My problem is that I do not trust Microsoft at all.