submitted 1 day ago* (last edited 1 day ago) by kennedy@lemmy.dbzer0.com to c/foss@beehaw.org

I'm moving away from using products by big tech and I recently started using EnteAuth for 2FA. Today I got an email from them saying that they received money as part of GitHub's Secure Open Source Fund. Maybe I'm just being paranoid, but I do not like this at all. Microsoft is not altruistic, I don't care what anyone says. There has to be an ulterior motive for this. With even the recent news that GitHub won't be so independent anymore and they're getting folded into the Microsoft umbrella, this has me worried. But let's be real, GitHub was never independent; just look at Copilot being forced down everyone's throat. That's why I personally stopped using it.

According to the fund:

Throughout this program, each project receives $10,000 USD via GitHub Sponsors (which breaks down to $6,000 USD during the sprint and $2,000 USD at 6- and 12-month security check-ins). Projects are also invited to a new security focused community, and office hours with the GitHub Security Lab, that they can take advantage of during the full 12 months. They also receive security resources to immediately implement in their project and Azure credits for cloud infrastructure.

Those sponsors include:

Alfred P. Sloan Foundation, American Express, Chainguard, Datadog, Herodevs, Kraken, Mayfield, Microsoft, Shopify, Stripe, Superbloom, Vercel, Zerodha, 1Password

Projects that are part of this even include nodejs, nvm, log4j, JUnit, and Matplotlib. Taking cybersecurity seriously is great, but this just seems like a way to sucker them into their ecosystem to get them dependent on their products. Like I said, maybe I'm being paranoid, but I wouldn't be surprised if Microsoft suddenly buys these projects and we lose what made them so great.

top 6 comments
[-] paris@lemmy.blahaj.zone 13 points 1 day ago

It's not altruistic, but the blog post outlines why they're doing this. Underappreciated volunteer-run dependencies can have security flaws that impact huge swaths of the tech sector. Investing a few grand now to secure those tools instead of significantly more money to do damage control after a vulnerability is found and exploited makes sense. It's a preventative measure that benefits the entire industry, GitHub and its parent company Microsoft included.

[-] Samsy@lemmy.ml 7 points 1 day ago

Reminder to gtfo and move to codeberg.

[-] sexy_peach@feddit.org 8 points 1 day ago

That's definitely what's happening but you might say it's fine, for now.

[-] kennedy@lemmy.dbzer0.com 5 points 1 day ago

It's just so frustrating; no matter what I do I can't get away from their dirty hands, even if I thought I was.

[-] sexy_peach@feddit.org 10 points 1 day ago

We will most likely never get away from capital's dirty hands, but we can try through individual and collective action.

Also: perfect is the enemy of good

Ugh. I've been using Ente Photos since I de-googled and gave myself until the end of summer to decide if I want to upgrade my subscription. All week I've been trying to figure out how to migrate to Ente Auth. Grrrr!

Thanks, OP!

this post was submitted on 13 Aug 2025
26 points (96.4% liked)
