
Czech Republic: Petition for open source in public administration

Vox_Leone

This really seems to be obvious. Brazil has such a legislation[0]. However, the code for the important payment service called Pix, developed by the Brazilian Central Bank, is nowhere to be seen. Laws alone are not enough.

[0]https://www.gov.br/governodigital/pt-br/plataformas-e-servic...

mlinhares

Which is incredibly sad, there's nothing special about it, it is actually a bad sign this is not public.

Tajnymag

I dig the initiative. Unfortunately, I'm afraid the petition either will not fulfill its target number of signatures or gets denied to be acted upon. Our public sector is too corrupt to make public software contracts transparent like this. Overly expensive and prolonged projects would look even more suspicious with the code (and possibly progress) being publicly available.

belval

I think LibreOffice suffers from a branding style issue more than anything else. It's not like Office 365 is inherently superior, but it looks like it is straight out of 2006 and that negatively impacts the user's perception of it.

My hunch is that if maintainers were to invest into making it look more like Office 365 (purely in a cosmetic way), the opposition to using LibreOffice would reduce significantly.

And for the old timers that will run to "Office 2007/10/13 was the best version and had the old UI". I get it and agree, but the average person likes nice things that look up-to-date.

seemaze

Agree with the 'Oldtimers' with the exception of the recent additions of LET(), LAMBDA(), REGEXTRACT(), XLOOKUP(), etc.

trinix912

I'd argue this is not as big of a factor in governments as it is elsewhere (plus, they already use software that's way worse than LO in terms of UI/UX).

It's more that someone somewhere gets their % when selling them the commercial software, be it Microsoft or someone else.

xigoi

As a Czech, how do I sign the petition?

mikece

Are there government functions which CANNOT be done on Linux or LibreOffice?

tough

Yes if Microsoft can have a say, all of them.

Look at Berlin / MS

fside

Amazing step towards saving taxpayers' money and avoiding foreign proprietary software. I hope to see more governments moving in this direction. The only problem is, certain systems may end up being a maintenance horror story.

dismalaf

Realistically there's no reason government can't use open source software and open formats especially.

Last time I had to fill out a government form in Canada, it was a PDF that only opened in the Windows desktop version of Adobe Acrobat... Even the Android version couldn't open it. Super annoying and completely unnecessary.

Edit - I don't even care if they keep their server code proprietary. But just use free formats, save our taxpayer money on stuff like Windows and Office licenses, and make it easy for citizens to interact with them. I'd even rather they hire some more local devs than send money out of the country.

NotOscarWilde

> Realistically there's no reason government can't use open source software and open formats especially.

> Last time I had to fill out a government form in Canada (...)

Without any evidence, let me argue why maybe it shouldn't. In the past, a common opinion that I have heard is that open source is more secure because all the code is out in the open.

The recent xzutils backdoor attempt [1] kind of led me to believe it's not really true, it's only true if many good-actor eyeballs, which are willing to donate their time for public benefit, are on the code.

Almost all of the government's code that I interact with are web apps that are potential targets of foreign adversaries -- tax filing web apps, prescription + vaccination scheduling web apps, family benefit applications, and more. (This is not in Czechia, but close.)

Now, would I want to read that web app code? Not at all, I couldn't care less about it. However, foreign adversaries would love to immediately start analyzing it. Extracting the entire country's health data or tax data would be a goldmine.

And even though there probably are several people actively paid to maintain security of these systems, I feel that the foreign adversarial agents would be much more motivated (and better paid) than government employees/software developers.

You could make an opt-out for national-security purposes for the code, but I feel almost all the code a government works on would have such an impact when compromised.

[1]: https://en.wikipedia.org/wiki/XZ_Utils_backdoor

(Disclaimer: I am a huge supporter of open source in general, contributed to the Linux ecosystem in the past and in my current job as an academic, almost everything I do is available out in the open in some way or another.)

switknee

The xz backdoor was caught before anyone used it. This is typical of open source backdoors, but atypical of proprietary ones. History is full of proprietary software with backdoors which were discovered after years or decades of being actively used. Lotus Notes, RSA corporation, Cisco routers, Juniper switches, Huawei everything.

We have more or less immutable history of every change leading to every release of open source software. Any backdoors you previously created under an identity could burn that identity forever. That history is not available for proprietary software. If someone adds a backdoor in proprietary software for two years and then removes it in later versions, it's totally likely it'll never be noticed.

Thinking that open source software is at greater risk of being backdoored is akin to thinking most trees in the world grow along the road, just because you drive everywhere and have never been inside a forest.

lordnacho

Every country already has a special government agency that deals with keeping stuff protected. In fact you tend to think the people who know most about this are in government, don't you?

And it's not like there haven't been vulnerabilities found in proprietary software, despite them paying people to keep things safe.

jniles

Crowdstrike is a recent example that comes to mind. I don't see how paying for CrowdStrike made it more secure or reliable.

I would also argue that you could take all the $$ paying for proprietary software and contribute it to people who are making the open source software, making the reliance on "free" eyeballs less of an issue.

dismalaf

Microsoft has literally been hacked multiple times by Russia in the last few years. Our government lost hundreds of thousands of CRA (tax agency) credentials to hackers and had to lock millions of accounts. Other agencies have also been breached.

Meanwhile the XZ backdoor was found in Sid, Arch and pre-releases of Fedora and openSUSE. It never actually made it into any numbered release of Fedora, openSUSE, Ubuntu, Debian, Red Hat or SUSE distro. It's actually a pretty big win and the system worked as intended.

Open source and Linux are doing just fine security-wise.

Also, none of this has anything to do with using offline tools like a word processor to make documents.

dralley

> Meanwhile the XZ backdoor was found in Sid, Arch and pre-releases of Fedora and openSUSE. It never actually made it into any numbered release of Fedora, openSUSE, Ubuntu, Debian, Red Hat or SUSE distro. It's actually a pretty big win and the system worked as intended.

I would maybe not go quite that far. That it got caught was mostly a confluence of lucky breaks and accidents. The second version of the exploit would likely have not been detected if not for the fact that the first version of the exploit had a couple of programming mistakes that attracted some attention to itself.

fsflover

diggan

Really wish this was a EU-wide directive. Code produced with the public's money really should at the very least be public, but even better with a permissive license.

FOSS is already in the blood of Europeans, now we just need the legislators to realize this is a good thing, and foster the ecosystem even more!

jnurmine

Why only code?

Anything funded with public money should have same proportion going back to the public (the organization running the area which funded it).

For example: a 100% EU money funded innovation should be free for everyone to use within EU and outsiders should license a patent.

50% public funding from state of Norway, then state of Norway has 50% ownership.

And so on.

fsflover

I guess software is a good enough start.

holtwick

I wonder there is not already such a petition in the EU or Germany. I searched, but didn't find any. Somebody who wants to create one? I'm not that good at writing such texts:

Europe: https://www.europarl.europa.eu/petitions/de/home

Germany: https://epetitionen.bundestag.de/epet/startseite.nc.html

fsflover

> Germany

Ongoing discussion:

Digital Minister wants open standards and open source as guiding principle (heise.de)

https://news.ycombinator.com/item?id=44198171

ahartmetz

Was going to mention the same. I do feel like there is some connection there.

The new digital minister seems to be doing well. He used to be CEO of an electronics retailer with mixed to negative reputation in nerd circles, but he also has a physics degree and has software experience in the trenches, so I wasn't sure what to think of him.