All this talk about #xzorcist over the weekend, I want to also point out that... - Random

Conan_Kudo, 1 month ago

All this talk about #xzorcist over the weekend, I want to also point out that it's important to remember that the "software supply chain" largely does not exist in regards to open source, because most people have no real relationship other than parasitic consumption with the project.

@Di4na's great blog post on this topic explains it quite well: https://www.softwaremaxims.com/blog/not-a-supplier

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ juandesant, vascorsd, ljrk, oblomov +6 more

Image

Image alternative text

wrog, 1 month ago

@Conan_Kudo @Di4na

"You are not buying from a supplier; you are a raccoon digging through dumpsters for free code."

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ vascorsd

matk, 1 month ago

@Conan_Kudo @Di4na That "I am not a supplier" blog post is spot on!

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Conan_Kudo, 1 month ago

@matk @Di4na I'm getting very tired of the "software supply chain" talk because it's all wrong. This blog post crystallizes my feelings about it very well.

It's also fundamentally why I have such a problem with OpenSSF, SLSA, and SPDX. They've started imposing and normalizing this psuedo-relationship around open source consumption that I believe fundamentally damages the commons and the community.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ Di4na

Add comment