With Ⓞrbit shutting down, the importance of open-source is even more obvious. People who used it (including us at Wasp) are left with only a JSON.

It seems like there is a gap for a good, modern open-source community tracker. Anybody care to build one?

Key takeaways:  More general funding moderately correlates with better security practices in open source projects 🔓

This trend occurs across multiple Scorecard checks, not just a single security practice. Also cool? More funders backing a project, stronger correlation!

A research perspective on trying to answer the question does more money = more secure for oss

🚨NEW ISSUE BRIEF🚨: Can money help open source software security? A new Cyber Statecraft paper by John Speed Meyers, Sara Ann Brackett, and Stew Scott looks at the funding and @OpenSSF Scorecard scores of top npm and Python packages. 💵🔐💻

PyPI now has three new Trusted Publishing, thanks (in part) to our work at Trail of Bits! This realizes our goal of expanding Trusted Publishing to compute environments outside of GitHub Actions:

blog.pypi.org/posts/2024-04-…

Kicking off Continuous Delivery Foundation (CDF) #cdCon with Dadisi Sanyika #ossummit keeping the community up to date on what’s happening in the foundation!

🥳Great to see the many familiar and fresh faces ready to commit their energy to help improve the industry's delivery practices.

“Changing the license doesn’t work. Why build a moat in the age of flight?” Kelsey Hightower #OSSummit

Open source: come for the innovation, stay for the trolling

This has been one of the most exciting projects I've worked on. Thanks to Cybersecurity and Infrastructure Security Agency and DHS S&T for enabling its development with such a wonderful initiative. And to OpenSSF, our new home 😊

Gotta love Madelyn Olson's choice of Taylor Swift's 'We Are Never Ever Getting Back Together' as the walk on music for the Valkey keynote 🤣🤣🤣

#OSSummit Valkey

Reading the HashiCorp Cease & Desist letter in opentofu.org/blog/our-respo… makes me sad.

The response from OpenTofu is fair and kind. A project and community well worth contributing to IMHO.

Breaking news n°2 🥳

The 8th of May for CloudNativeCanada I will be at Montreal to present my brand new talk 'Understanding Kubernetes in a visual way' at OVHcloud Canada office ❤️

Ooh a new foundation, welcome! Excited to learn more.

I like the emphasis on succession planning - that is incredibly difficult to achieve in OSS and look forward to seeing how this is approached.

Happy Eclipse Day to those who celebrate!

Hashicorp reminding us what 'BS' in 'BSL' stands for 💩

Thoughts on xz backdoor. 1) Lack of a robust identity system on github (except when there is a tie-in to an organization which is slightly better). Anyone can create as many sock puppets accounts to do code reviews, nudge maintainers to add someone malicious as co-maintainers,…

Blizzards, tremors, and a solar eclipse next Monday - this is quite the eventful week

You can always count on killer recaps from Daniel Bryant.

In this Syntasso post, he looks back at Kubecon and sees a lot of focus on 'platform as product.'

syntasso.io/post/kubecon-e…

Jia Tan found a way to get paid to work on open source. Why can't you