Congratulations to Andreas Tille our newly elected Debian Project Leader. #debian https://micronews.debian.org/2024/1713587115.html?utm_source=dlvr.it&utm_medium=mastodon #debian
https://pleroma.debian.social/notice/AgxNumuReyXE2AokMa
Wow, this really is something! A letter to The Times by a former *Tory MP* on the Angela Rayner story.
OpenTofu denies plagiarism.
https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/
On Friday I gave a talk at @CypherCon about the mind boggling size of open source
I want to also share the deck here because I think this is a super huge deal
There are A LOT of organizations (governments, foundations, companies) that are trying to create rules and regulations for open source use
And none of them understand how huge it is. And it's not just the size, it's also growing faster than we can possibly keep up (for example there are more than 9000 releases every day. Good luck auditing that)
Anyway, there's no happy ending here, the presentation was really just meant to frame the problem because we're currently working on solutions to a problem we think is hundreds of magnitudes smaller than it really is
Thanks to @ecosystems for the data
https://docs.google.com/presentation/d/1exE08fUUra34FtlGaAk_kD4GSFuOftxej7DtQib_lus/edit
I think we're approaching this collective brainstorming all wrong. We're not going to solve the xz problem by throwing pennies at burnt out over worked hobby maintainers or by making them jump through extra bureaucratic hoops in the name of security theater. There's only one reasonable solution here and it's to turn maintaining critical open source projects into REALITY TELEVISION.
Once I realised that quite a few people not only don’t enjoy reading or writing, many actually resent it and consider one, the other, or both to be the biggest chore at work, a lot of things clicked into place about both generative models and how people read
I have just realised that the one benefit to the amount of disinformation, lies & LLM rubbish that swirls around the internet these days is that April Fool's 'pranks' don't make a dent. No requirement to be extra vigilant, because that level of attention is required every sodding day.
While #xz has people talking about issues with binary test files etc in source repos, and issues with using tarballs that can vary from git, doing a `git clone` and building in there is *also* exposed to a huge amount of binary data.
Including binary data hidden inside #git commit objects, for example. Also, git blobs are zlib compressed, so it might be possible to smuggle in extra binary data at the end. Possibly also at the end of tree objects; I don't remember if git checks for that.
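The loose-object concerns raised in the post above, turned into a defender's check as an added example that is not part of the original post: a Python script that walks `.git/objects/xx/…`, inflates each loose object, and flags bytes left over after the zlib stream ends, a header size that disagrees with the payload, an object name that does not match the SHA-1 of the content, and NUL bytes inside commit or tag objects (which should be plain text). It builds its own sample objects in a temporary directory so it runs without a git binary; the author line, the all-zero tree hash and the sample payloads are constructed placeholders, and packfiles are out of scope.

```python
import hashlib
import os
import tempfile
import zlib


def make_loose_object(obj_type: bytes, payload: bytes) -> tuple[str, bytes]:
    """Build a loose object the way git stores it: "<type> <size>\\0<payload>",
    zlib-compressed and named by the SHA-1 of the uncompressed bytes.
    Constructed here only so the example runs without git installed."""
    raw = obj_type + b" " + str(len(payload)).encode() + b"\0" + payload
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


def looks_binary(data: bytes) -> bool:
    """Crude heuristic: any NUL byte, or a large share of ASCII control bytes."""
    if b"\0" in data:
        return True
    if not data:
        return False
    text = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
    ctrl = sum(1 for b in data if b < 0x80 and b not in text)
    return ctrl / len(data) > 0.30


def inspect_loose_object(name: str, data: bytes) -> list[str]:
    """Inflate one loose object and return a list of anomaly descriptions."""
    issues = []
    d = zlib.decompressobj()
    try:
        raw = d.decompress(data) + d.flush()
    except zlib.error as exc:
        return [f"zlib error: {exc}"]
    if not d.eof:
        issues.append("truncated zlib stream")
    if d.unused_data:  # bytes after the end-of-stream marker: not part of the object
        issues.append(f"{len(d.unused_data)} trailing bytes after zlib stream")
    header, sep, body = raw.partition(b"\0")
    if not sep:
        return issues + ["missing object header"]
    obj_type, _, declared = header.partition(b" ")
    if not declared.isdigit():
        return issues + ["unparsable size in header"]
    if int(declared) != len(body):
        issues.append(f"header says {int(declared)} bytes, payload is {len(body)}")
    if hashlib.sha1(raw).hexdigest() != name:
        issues.append("object name does not match SHA-1 of content")
    if obj_type in (b"commit", b"tag") and looks_binary(body):
        issues.append(f"binary data inside {obj_type.decode()} object")
    return issues


def scan_loose_objects(objects_dir: str) -> dict[str, list[str]]:
    """Check every loose object under objects_dir; packfiles are skipped."""
    findings = {}
    for fan in os.listdir(objects_dir):
        sub = os.path.join(objects_dir, fan)
        if len(fan) != 2 or not os.path.isdir(sub):
            continue
        for rest in os.listdir(sub):
            name = fan + rest
            with open(os.path.join(sub, rest), "rb") as fh:
                issues = inspect_loose_object(name, fh.read())
            if issues:
                findings[name] = issues
    return findings


def build_demo_repo() -> tuple[str, dict[str, str]]:
    """Write three constructed loose objects into a temp objects tree:
    a clean blob, a blob with junk appended after the zlib stream, and a
    commit whose message carries embedded NUL bytes. Returns (dir, names)."""
    objects_dir = os.path.join(tempfile.mkdtemp(), "objects")
    clean_name, clean_data = make_loose_object(b"blob", b"hello\n")
    smug_name, smug_data = make_loose_object(b"blob", b"#!/bin/sh\necho ok\n")
    smug_data += b"\x00\x01\x02 hidden bytes"  # constructed trailing payload
    commit_text = (b"tree " + b"0" * 40 + b"\n"  # placeholder tree hash
                   b"author A <a@example.com> 0 +0000\n"
                   b"committer A <a@example.com> 0 +0000\n\n"
                   b"Fix typo\0\x7f\x00\x01not text\n")
    commit_name, commit_data = make_loose_object(b"commit", commit_text)
    for name, data in ((clean_name, clean_data), (smug_name, smug_data),
                       (commit_name, commit_data)):
        sub = os.path.join(objects_dir, name[:2])
        os.makedirs(sub, exist_ok=True)
        with open(os.path.join(sub, name[2:]), "wb") as fh:
            fh.write(data)
    return objects_dir, {"clean": clean_name, "trailing": smug_name,
                         "commit": commit_name}


if __name__ == "__main__":
    objects_dir, names = build_demo_repo()
    for name, issues in scan_loose_objects(objects_dir).items():
        print(name, "->", "; ".join(issues))
```

Point `scan_loose_objects` at a real checkout's `.git/objects` to check loose objects there; objects that have been packed need a separate pass over the `.pack` files, which this example does not implement.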