-
Notifications
You must be signed in to change notification settings - Fork 1
/
index.html
40 lines (40 loc) · 2.72 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Open Deploy</title>
<link href="//styles/manifesto.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="content">
<h1>Open Deploy</h1>
<p>
Open source code is a wonderful thing that has increased the transparency, security, and trustworthiness of the software we use every day.
</p>
<p>
However, very few people have the knowledge and motivation to run their own services for things like messaging, video conferencing, social networking, blogging, and gaming. Instead, we use services run by companies and organizations that do have the knowledge and motivation.
</p>
<p>
Using such "cloud services" is very convenient. Unfortunately, we can't see how these services are run, even if they are built with open-source software. This means we don't know how secure and trustworthy they are, we can't verify if they abide by their own privacy policies, we don't know if they share our information with third parties or track our activities online, etc.
</p>
<p>
<strong>This is a problem.</strong>
</p>
<p>
The solution is to make the services we use as transparent as the software powering those services. Open source code is not enough. We also need open operation of the services we use.
</p>
<p>
As ops folks ourselves, we realize that there are huge challenges involved in making "open deploy" as common as "open source": radical transparency from the hardware and operating system levels all the way up to the application itself; open architectures for deployment, including virtual machines, containers, data flows, and encryption in motion and at rest; documentation and verification of software builds, automated tests, and deployment scripts; and much more.
</p>
<p>
Traditionally, many of these operational details have been hidden from prying eyes in the name of security: if hackers knew how the service was deployed, they would more easily be able to break in. Yet similar thinking once applied to software code, too. We have discovered that open source code improves security, and we have reason to believe that open deployment will improve security, as well.
</p>
<p>
The open source community has progressed mightily over the last 20+ years and has slowly established best practices such as forking, pull requests, and issue tracking. The open deploy community is still in its infancy and will require similar practices, which have yet to be developed. Some of these practices might borrow from the open source community, and some might be entirely new. That's part of the fun.
</p>
<p>
Let's get to work, shall we?
</p>
</div>
</body>
</html>