Here's a thorough analysis of all the commits by "Jia Tan" from 2023-08 through 2024-03, showing the many legitimate code changes done before the introduction of the #xz #backdoor:
heading to #openssf community day as part of #ossna #osssna summit. come say hi to talk about #swift, #pkl, the cool stuff i’m up to, or #opensource governance today or throughout the week
The OpenSSF is supposedly an important organization of experts, but I only know two things about them: the scorecard that has been unhelpful for Flask for years, and the terrible post about xz. Here's what overworked maintainers actually need from a group of security experts: direct long-term contribution, to teach and improve a project's security. Don't just show us a big list of extra work; directly contribute to help us fulfill the list. #OpenSource #OpenSSF
🔒 #CISA teams up with #OpenSSF to introduce a framework called "Principles for Package Repository Security," aimed at fortifying open-source software ecosystems against cyber threats.
At #OpenSSFDay the US government is praised for its efforts in supporting software security through #FOSS. Rightfully so. I know in Europe the European Commission and national governments are doing great things as well, including through #NGI via #NLNet. Would be great if this can be highlighted some way, perhaps through collaboration with #OpenSSF.