Tornado reported north of Rigaud, Quebec at 5:40pm EST on the A-40. Report from Louise Power and Chantal MacKinnon. No damage reported. #qcstorm #onstorm

Believe it was somewhere in the circled area.

We are now publishing VEX documents for the enterprise distribution of Flux Project with the CVEs that do not affect the Flux controllers. github.com/controlplaneio…

Thanks OpenSSF for making maintainer's life easier with OpenVEX and vexctl 🤗

Forming a commercial partnership program at our nonprofit was complicated yet necessary to help underwrite the development of our critical JavaScript technologies. Thanks to our OpenJS Board, CPC and @HeroDevs for breaking the mold on open source sustainability.

Okay! Many folks have pinged me for the ground truth on the UniSuper thing and I now better understand exactly what went down, and WHEW am I relieved. 

Punchline: this failure mode cannot affect other Google Cloud users.

Lemme explain:

On the 19th of September, I am planning to attend the Continuous Delivery Foundation (CDF) mini summit in Vienna.
The CD mini summit is co-located with the Open Source summit Europe.

Submissions are open both for talk proposals and program committee members.

cd.foundation/blog/2024/05/0…

📣 Dependabot is now open source!
github.blog/changelog/2024…

For the last 6 months, my team at Trail of Bits has been working with A-O and OpenSSF to bring build provenance to Homebrew.

Today, I'm pleased to announce that our work is in public beta! Read about our design and how you can verify bottles today:

blog.trailofbits.com/2024/05/14/a-p…

This thread resonates. Better stuff (vaccines, platforms) comes along and if you are smart you move to it. That doesn't mean you made a bad initial decision. It just means that you always need to be open to change.

The same is very true of green platforms - greener stuff comes

Merkle Town is a great visualisation dashboard from Cloudflare for Certificate Transparency.

It's a fun way to understand the CT ecosystem: ct.cloudflare.com

The folks at Cloudflare are looking to revamp the dashboard. Please share any feedback you may have!

Tracy Miranda I'm not sure how reliable is this info to be honest. But I'm part of the on-call rotation and I'm a Chainguard employee. I also know another organization which is part of the on call rotation and it isn't mentioned either in that paragraph 🤔.

Oh, it really is a shame Chainguard no longer help operate the Sigstore public good instance.

Like open source maintenance, open source SRE is very challenging and the more hands, the better.

Many thanks to all those orgs who are keeping this very important service running!👏

Now, please, add support for gitsign'ed commits 🙏🏻

Early adopters of github attestions:
github.com/search?q=path%… (shout out stacklok !)

I don't see anyone signing a .deb yet, I was hoping to adapt some `cosign verify-blob` based stuff.

Yes, this is me. Thanks to Jenkins for putting me in the contributor spotlight.

Some thoughts on @ibm acquiring HashiCorp

medium.com/@fintanr/on-ib…

This is so cool!! Kelly Shortridge

'in-browser security decision tree tool Deciduous can be used to generate these attack trees as code.'

Andrew Martin ⚡☸️ Michael Hausenblas Hacking Kubernetes (p. 31). O'Reilly Media.

kellyshortridge.com/blog/posts/dec…

Nobody got fired for buying Terraform

If IBM decides to merge Terraform and Ansible, would that be Terrible?