Slashdot Mirror


US Dept. of Defense Creates Its Own Sourceforge

mjasay writes "The US Department of Defense, which has been flirting with open source for years as a way to improve software quality and cut costs, has finally burst the dam on Defense-related open-source adoption with Forge.mil, an open-source code repository based on Sourceforge. Though it currently only holds three projects and is limited to DoD personnel for security reasons, all code is publicly viewable and will almost certainly lead to other agencies participating on the site or creating their own. Open source has clearly come a long way. Years ago studies declared open source a security risk. Now, one of the most security-conscious organizations on the planet is looking to open source to provide better security than proprietary alternatives."

4 of 131 comments

  1. Re:forgemil.com? by imamac · Score: 5, Informative

    Nice. It even points the user to ANOTHER non-.mil site to download a PKI certificate. That settles it for me. This is NOT the military.

  2. Re:forgemil.com? by legirons · Score: 5, Informative

    You know it's the right site, because its certificate is signed by the DoD CA.

    Except that CA isn't installed in any browser.

    And the site to download that cert is signed by the cert itself. Security by circular reasoning.
       

  3. Re:forgemil.com? by Anonymous Coward · Score: 4, Informative

    forgemil.com is for public access to information about what the project/service is. It explains, quite clearly, that to access forge.mil, you will need either a DoD-issued PKI cert (CAC for you DoD folks), or a cert from a DoD-trusted source. All .mil infrastructure stuff is PKI protected by policy. It also explains in the FAQ why you get the SSL warnings about untrusted certs. It also tells you how you can download the DoD root certs (they only provide installs for Windows; you'll either have to dig around to get the certs for other platforms or just create an exception in your browser).

  4. Re:forgemil.com? by Vertana · Score: 4, Informative

    The reason for that is, you have to be in the DoD and you receive the cert by CAC (DoD ID cards which double as a smart card with your PKI certs and authentication information). This forces you to obtain the certs physically and in person at a DoD site (i.e., ID Center on a military base, etc.).

    --
    "The best way to accelerate a Macintosh is at 9.8m/sec^2" -Marcus Dolengo