James Smith @Floppy

Recent searches

Search options

Only available when logged in.

**James Smith** @Floppy · Mar 30, 2024

Mar 30, 2024

re: xz

In a dream world, we'd be able to pay an open source tithe somewhere that gets automatically split up between all the open source dependencies we're reliant on, all the way down. And if a project isn't set up to receive the money, it gets held in trust until it is.

I know this is an incredibly hard problem, but I really really hope someone is working on it. It's all open source; we can KNOW what we're running, surely.

**bob** @bob · Mar 30, 2024

Mar 30, 2024

bob @bob

@Floppy sboms finally have a purpose.

James Smith @Floppy@mastodon.me.uk

@bob

The "always has been" meme. Two people in spacesuits are floating in front of the earth. The one in front says "sboms finally have a purpose". The one behind is pointing a gun at the back of the one in front, saying "always did".

Mar 30, 2024, 11:33 AM··Web

2boosts·2favorites

**Tane Piper ⁂** @tanepiper@tane.codes · Mar 30, 2024

Mar 30, 2024

Tane Piper ⁂ @tanepiper@tane.codes

@Floppy @bob @www.jvt.me I've been banging on for months we need SBOM for everything we ship, and even now I'm working on improving our CI/CD pipelines to actually ship binaries in highly controlled images instead of source + packages so we minimise what we ship - keep everything potentially insecure at the build level. Looks like I'll keep working on it...

Drag & drop to upload

Recent searches

Search options

Administered by:

Server stats:

Recent searches

Search options

Administered by:

Server stats:

Back