How to secure critical open-source code against memory safety exploits by automating code hardening at scale| Institute for Progress
Sneaky git commits| tavianator.com
The gnulib project publishes a git bundle as a stable archival copy of the gnulib git repository once in a while.| blog.josefsson.org
The gnulib project publishes a git bundle as a stable archival copy of the gnulib git repository once in a while.| Simon Josefsson's blog
Years ago, I read The Pull Request Hack, a blog post advocating for a radical way of collaborating on FOSS: “Whenever somebody sends you a pull request, give them commit access to your project.” The| antonin.delpeuch.eu
Motivation| Michael Catanzaro's Blog
Motivation Opportunity is upon us! For the past few years, the desktop Linux user base has been growing at a historically high rate. StatCounter currently has us at 4.14% desktop OS market share for Q2 2025. For comparison, when Fedora Workstation was first released in Q4 2014, desktop Linux was at 1.38%. Now, StatCounter measures...| Michael Catanzaro's Blog
Although the website that is insisting I use MFA if I want to use| utcc.utoronto.ca
Remember the XZ Utils backdoor? One factor that enabled the attack was poor auditing of the release tarballs for differences compared to the Git version controlled source code. This proved to be a useful place to distribute malicious data.| Simon Josefsson's blog
Learn how the new conan audit command helps you detect CVEs in your C++ dependencies, ensuring a more secure development workflow.| blog.conan.io
One of life’s great pleasures is trust: having confidence in another person| tratt.net
Recently, a number of people have expressed desire in "taking over" [1]| blog.ian.stapletoncordas.co
Responding to The Linux Cast's Vitriolic Diatribe| rldane.space
Just like that, BazelCon 2024 came and went. So… it’s obviously time to summarize the two events of last week: BazelCon 2024 and the adjacent Build Meetup. There is A LOT to cover, but everything is here in just one article!| Julio Merino (jmmv.dev)
This blog talks about how we protect our workloads against supply chain attacks, specifically by achieving bit-by-bit reproducible builds, and how we have adopted Nix as an alternative to Docker for build environments.| Monzo
tl;dr| Gnome home
More than a month has passed and we still do not know much about the background of and the people behind the xz backdoor. This, even though the vulnerability in the best| Das Netz ist politisch