What really is code.mil?

[vesche]

Is code.mil going to be a separate repository? Like a GitLab or Gogs hosted by the DoD? Or is the idea to have all of this on Github? And then is code.mil just going to be a showcase of Github repositories similar to code.gov? If that's the case I think it needs to be made more apparent in this repo.

I have a network security monitoring project that I have been fighting to open-source for over a year. Because of the way Github works, I will never be able to host my work projects here- doesn't matter how fancy the contributing/license gets. The powers at be will not allow projects to be open-source without some sort of CAC card authentication. If code.mil was GitLab that was configured to accept commits with a CAC card and potentially had an option that you could toggle to require CAC card authentication to view your project, there would likely be a ton of interest.

I think what a lot of people across the DoD are looking for is not code.mil, but maybe git.mil? And I hope that's what this will become... An open-source community by the DoD for the DoD. As far as I know the only solution for this currently is forge.mil, but it's really poor for sharing, collaboration, and version control.

I suppose what I'm really looking for is more technical details on the first question in the FAQ.

[shawoods]

@vesche We know there are a lot of internal barriers preventing DoD projects from becoming open source. Code.mil projects will only be hosted in public repositories, which for now is GitHub. There is no intention to add CAC authentication. We recognize that leadership might be more comfortable with projects behind CAC authentication, but that's not really open source. Code.mil is about fostering the creation of a truly open source community for DoD projects.

We'd like to understand the internal barriers you're facing that are preventing your project from being open source. If you're willing, please tell us more via code@dds.mil. Maybe we can help.

[johnmod3]

@vesche Have you tried https://www.di2e.net/display/DI2E/DI2E+DevTools ? In general trying to enforce some sort of CAC card scheme to see source code under an OSS license is doomed to failure and frustration. The problem comes trying to warp OSS into a model that breaks some key OSS precepts like being about to fork.

[vesche]

@shawoods I understand, and thanks for clearing that up. I sent you an email highlighting a few of my issues so you can understand my struggle. Another issue is that there are concerns of security involving personal identity (especially surrounding military members), that's why the NSA IAD Github never push from personal user accounts. If I ever wanted to hack on some open-source code from my job, I likely wouldn't be able to use this account.

@johnmod3 I have an account on DI2E as of a few weeks ago (it probably shouldn't have taken a year), and I'm going to look at hosting some of my projects there. There are two problems with DI2E currently, not enough people know about it and it's slightly too exclusive*.

[johnmod3]

@vesche agree, that also the reason forge.mil has failed, exclusive and too small a group of dev's. Having been at this game of helping the military/IC open up for the last 15 years - the toughest thing is stopping the bureaucracy from wanting OSS tuned to their needs, not realizing when you do that the projects die. Better to set things in stone and get them fully OSS'd, trying to create a halfway OSS project that is controlled by ITAR or secrecy laws just isn't worth the hassle. (But the gov should be taking control of the IP it creates by good code management practices even if not OSS)

[vesche]

@johnmod3 Well, I'm ready to get yelled at a bit. So I'll be trying to open-source something as code.mil gets off the ground, if anything to be part of the change.

[johnmod3]

@vesche head over to http://mil-oss.org/ and the mailing list https://groups.google.com/forum/#!forum/mil-oss lots of folks there with the battle scars and willingness to help :-)