A lot of people in my TL are angry about open source orgs not getting invited to the WH OSS Security summit. I normally don't write about OSS any more because I get flamed, but fuck it here goes.
This anger is misdirected and based on serious misunderstandings. 🧵
This anger is misdirected and based on serious misunderstandings. 🧵
First, what is this event anyway?
It's not an event where decisions get made. They're mostly about optics and politics, The people who attend — CEOs and other executives, and their Gov't counter-parties — don't do the work. Most barely understand open source or security.
It's not an event where decisions get made. They're mostly about optics and politics, The people who attend — CEOs and other executives, and their Gov't counter-parties — don't do the work. Most barely understand open source or security.
These types of events _can_ be important, but really only as the very beginning of any real work. In the best case these events merely create the political top-cover for people in the trenches to do the work.
But the other part that people don't understand — and here's where I'm afraid of getting flamed — is the reason open source organizations weren't invited to this kind of event is entirely because these open source organizations just don't know how to engage in politics like this.
The people who come to these events are expected to make big broad commitments on behalf of their organization. Its these commitments that create that political top-cover. Without them it's ALL optics, all heat, no light.
And open source organizations are woefully ill-equipped to make these sorts of broad commitments. We don't have executives; we have boards and members and communities. We take AGES to agree on anything, and don't have people who can speak to us.
Take the PSF: (a) who at the PSF could speak with authority on behalf of the entire Python community and (b) how would they ensure follow-through?
It's not just the PSF; every OSS org I know is like this. Our greatest strength — community — is a weakness in this case.
It's not just the PSF; every OSS org I know is like this. Our greatest strength — community — is a weakness in this case.
Anger at the White House for not inviting the PSF or OSI or whoever is misplaced. If we want organizations that can join these rarefied circles, we need new kinds of organizations.
BUT! As I said, these events, when they work, are just the beginning of the real work. And there's good news there: there are some really smart and dedicated public servants at the White House and elsewhere in the gov't who are working on this. Many are my friends.
It'll be easier to engage at the individual level, so don't write the government off because of one weird event. There's a lot we could do, if open source communities can figure out better ways to work with the government.
If we want make progress here, we need leadership that's thinking about how we want to engage. What do we want from governments? Money? Regulation? Policies? Do we know how to ask for those things, and to get what we want when Facebook tries to block us?
Open source communities and government agencies will struggle to speak the same language; the anger over this event shows this. Open source communities need leaders who can bridge this gap. If I'm honest, I don't think we do.
Please prove me wrong.
</rant>
Please prove me wrong.
</rant>
• • •
Missing some Tweet in this thread? You can try to
force a refresh
