Nothing has changed since then, except that folks are getting a wee bit more concerned about their privacy now that President Donald Trump is in charge of the US. You may have noticed that he and his regime love getting their hands on other people’s data.
Privacy isn’t the only issue. Can you trust Microsoft to deliver on its service promises under American political pressure? Ask the EU-based International Criminal Court (ICC): after it issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu for war crimes, Trump imposed sanctions on the ICC. Soon afterward, ICC’s chief prosecutor, Karim Khan, was reportedly locked out of his Microsoft email accounts. Coincidence? Some think not. Microsoft denies they had anything to do with this.
Not a good idea, but GitHub is based on git, and git is completely decentralized; a developer can move or back up his or her code in minutes.
For example, to a FLOSS site hosted in Germany, Codeberg.
Linux as a project can’t be taken hostage, that would be like trying to imprison the ocean. But open source developers can, and sadly I think this is what is going to happen: While there are certainly a few nutjobs, I think the general goals of the open source movement are just totally incompatible with the authoritarian drift of current US politics - the GNU Manifesto is pretty much a child of the American Civil Rights movement. It may well happen that in the next decade, many sweet American people will need our help and protection as much as people from other parts of the world have needed since the World War.
This reminds me of the time when Debian broke their OpenSSL and for two years, ssh keys generated on Debian were basically taken from a pool of only 32k different keys…
That time it was an honest mistake, but it would actually have been a very efficient attack too if it had been intentional. Imagine succeeding at getting your target to use private keys for ssh or ssl etc. from a tiny pool that makes something usually impossible to brute force suddenly trivial. And nobody noticed it for two years.
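The failure described in the comment above, as an added example that is not part of the thread: when a key generator can only ever produce 32k distinct keys, a defender can enumerate the whole pool once and audit deployed keys against it. `toy_keygen`, the 2-byte seed encoding and the host names are constructed stand-ins, not Debian's or OpenSSL's code.

```python
import hashlib
import secrets

POOL_SIZE = 32768  # "only 32k different keys", the figure given in the comment


def toy_keygen(seed: bytes) -> bytes:
    """Toy deterministic generator (assumption, not OpenSSL's algorithm):
    the resulting key depends on nothing but the seed."""
    return hashlib.sha256(b"toy-keygen-v1" + seed).digest()


def fingerprint(key: bytes) -> str:
    """Short fingerprint, the form in which keys are compared to a blocklist."""
    return hashlib.sha256(key).hexdigest()[:32]


def build_blocklist(pool_size: int = POOL_SIZE) -> set:
    """Enumerate every key the weak generator can emit and record its fingerprint."""
    return {fingerprint(toy_keygen(s.to_bytes(2, "big"))) for s in range(pool_size)}


def audit(keys: dict, blocklist: set) -> list:
    """Return the names of deployed keys that come from the enumerable pool."""
    return sorted(name for name, key in keys.items() if fingerprint(key) in blocklist)


def sample_inventory() -> dict:
    """Constructed inventory: two keys from the weak pool, one from a real CSPRNG."""
    return {
        "build-host": toy_keygen((1337).to_bytes(2, "big")),   # weak: seed in pool
        "legacy-vm": toy_keygen((31999).to_bytes(2, "big")),   # weak: seed in pool
        "alice-laptop": toy_keygen(secrets.token_bytes(32)),   # 256-bit seed
    }


if __name__ == "__main__":
    blocklist = build_blocklist()
    print(f"{len(blocklist)} possible keys enumerated")
    for name in audit(sample_inventory(), blocklist):
        print(f"REPLACE KEY: {name} uses a key from the weak pool")
```

Every flagged key has to be regenerated on a fixed system and removed from all `authorized_keys` files and certificates, because anyone can rebuild the same pool.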
Well, in the case of closed-source software, you can be dead-sure it is already subverted. As are probably most networks.
In general, I think Linux’s many-eyes principle works quite well, just think of the case of the xz-utils backdoor which was caught before it reached large distributions.