Re: Security Questionnaires for Software Installation – Hillsborough County Public Libraries

On 2025-07-16 at 16:57:59, Harrison, Latasha wrote:
> Hello,

Hi,

> I hope this message finds you well. My name is Latasha Harrison, and I’m a Project Manager with Hillsborough County Public Libraries.
> We are planning to install your software on select staff computers, and as part of our standard procedure, our IT department requires completion of two brief documents: a Cybersecurity Questionnaire and software questions. I can attach both forms for your review. If there's a specific team member who handles these requests, please let me know, or feel free to forward this directly to them. We appreciate your help in supporting our security compliance process and look forward to moving ahead with the installation. Let me know if you have any questions. 

I'm certainly glad to hear that you'd like to use Git, especially for a
public library[0].  However, we are an open source project and many of
our contributors are volunteers. The Git project is legally part of the
Software Freedom Conservancy, a nonprofit that provides a legal
framework for our project, but no paid staff to respond to inquiries on
behalf of the project.

It's generally considered impolite to ask contributors to open source
projects to fill out paperwork, since this paperwork is different for
every company, it doesn't really benefit us or the project in any way to
do so, and it would take so much time that we wouldn't have any time to
do anything else like write code or maintain the project.  Instead, we
ask that you take on that responsibility since it's your organization
that has this policy.  As I mentioned above, there are no team members
or other people that the project pays to work on it or answer inquiries,
although some companies do employ paid staff to contribute to Git (but
not to address paperwork matters).

Note that the Git project doesn't ship anything but source code.  If
you're installing a compiled version, that probably comes from somewhere
else.  On Windows, that's usually the Git for Windows project; on macOS,
it's Apple or something like Homebrew; and on Linux, it's usually the
Linux distro itself.  If you have a contract with Apple or a Linux
distro (such as Ubuntu), they might be willing to fill out that
paperwork, but in general, the other distributors, like most other open
source projects, will not want to do so.  I am very certain that the Git
for Windows maintainer in particular will not appreciate such a request,
since they are very busy and have lots of pieces to maintain as part of
Git for Windows[0].  However, if your version of Git is distributed by
your OS vendor, you may not need this paperwork at all since it comes
directly from them, depending on your policies.

Hopefully your IT department will understand that we can't fill out
these documents, since it applies to almost all open source software
(which is something that IT staff should be familiar with in this day
and age).  I will note that we've had other government organizations
that have asked for similar things and we've given them a similar
response, so hopefully that's helpful.  I'll note that Git is in use in
a variety of governmental agencies across the world[1], all without the
need for us to fill out any questionnaires.

Best of luck in your rollout of Git.

[0] I'm a huge fan of libraries and started programming at six years old
based on books from the local library.
[1] Including, among others:

18F, a (former) U.S. government agency (https://github.com/18F/18f.gsa.gov)
The Government of Canada (https://github.com/canada-ca)
Various agencies of the European Union (such as https://github.com/eea
and https://github.com/eurostat)
-- 
brian m. carlson (they/them)
Toronto, Ontario, CA
