by adiian 2769 days ago
On one side it makes sense to have a public repository like git used for this, but having a private company being responsible for this is a bit strange.

The fact that a pull request was accepted was not that strange because it could have been done by the council representative.

For this kind of use case, some sort of blockchain, not controlled by a single company, would make more sense to me.

"This isn’t a copy of the DC law. It is an authoritative source. It is where the DC Council stores the digital versions of enacted laws, and this source feeds directly into the Council’s DC Code website at https://code.dccouncil.us/dc/council/code/."


Why would you use a blockchain? There's already a central authority - the DC city government. They should just host their own git instance.
I'm willing to bet GH is being mirrored internally as you suggest; otherwise you'd be exposing the only current digital copy to hackers. That just seems a reasonable expectation to me.

So the activity is likely happening on the larger and more exposed GH service, while internally there is a daily copy being backed up that isn't (as) exposed to hackers.

Something like that would be a great way to displace risk.

But that's not how git works. Everyone who uses the repo has a copy of it. Even if you hack GH the worst possible outcome is a hard reset of the repo, which would break pulls anyway. Unless a literal city council thinks it's a good idea to not have local copies of their own law source code they are modifying regularly or something.
> Unless a literal city council thinks

Doesn't seem likely.

Seriously, I'd imagine they treat it as “someone else's problem” — like backups.

If GitHub gets hacked, I imagine their plan is “be affronted, and sue”. When GitHub's lawyers point out that the terms of service don't guarantee anything, the plan says “be even more publicly affronted that GitHub refuses to take responsibility, while taking no responsibility”.

There are cases in history where records offices were held in rebellion for political purposes. A blockchain would change means of control of records from violence to compute power.

[1] https://en.wikipedia.org/wiki/Texas_Archive_War

Whoever has the ability to do violence will always have ultimate control. They could just force everybody to start accepting a different blockchain.
Relevant xkcd. https://xkcd.com/538/
For these purposes, the blockchain is just a fancy way to maintain accessible backups. It doesn't give anyone but the government "control". The law is always what the government in power says it is, pretty much by definition.
To be fair, I don't think anyone believes that this is the one and only source of the law in all forms. As in if GitHub suddenly started changing it on their own, we wouldn't all throw up our arms and resign to our new GitHub overlords.

It would be treated no differently than someone else trying to tamper with the written law in any form.

GitHub is just the storage medium.

It's a bit like saying that the paper on which the law is printed may not be produced by a private company, which of course, doesn't make sense.

Paper -> Git. I don't think anyone has any problem with using Git as a medium.

The only bookstore chain where you can find the trusted, canonical copy of the book -> GitHub.

The government should host the canonical copy itself. Then, and only then, it can be replicated to any other commercial service willing to host a mirror. Be it GitHub, BitBucket, GitLab, sr.ht or anything else. Git architecture is so well suited for it that it's particularly striking to not see it done there.

Even if the canonical copy were hosted on the Council's website, you would still be trusting the hosting provider, the DNS system, and the certificate authority - all private entities.

What is needed is cryptographic authentication so that the git servers can be completely untrusted. This is also necessary to comply with the Uniform Electronic Legal Material Act (adopted by DC here: https://code.dccouncil.us/dc/council/code/titles/2/chapters/...). We will be rolling out such a system based on TUF in Q1 2019.

Although it's an important matter, it's not only about the trust. I wonder what, for instance, GitLab could have done in order to get this kind of advertisement coming right from the Council.

Regardless, I would expect hosting, authoritative DNS and certificate to all be handled by the government itself. It's not a startup that's getting free vouchers for AWS to burn, public infrastructure should be either handled internally, or via some public auction on government's terms.

I do not know why it matters. Why bother adding expenses to a government department when they can simply pay someone to do the work. GitHub is a private company. It is subject to the government, not the other way around...

It is really common for the government to outsource this kind of thing, and most times it results in users paying fees to the private company for access. With GitHub, no fees are necessary. So win win.