Latest from the brilliant @ariadne:

Understanding the relationship between FOSS and the “software supply chain”

https://www.chainguard.dev/unchained/understanding-the-relationship-between-foss-and-the-software-supply-chain

Her top 3 takeaways for software distribution:

🙅Nobody can prevent you from writing your own software
🗣️Consumers can ask you for things, but they can't require them
🤝If you want to distribute your software via a particular channel, you need to follow that channel's rules

@ktrychon

to expand and put it more directly: supply chain problems are for the people making supply chains out of shit they downloaded from the internet, which are not necessarily the same people as the people writing the software.

and if you cannot handle the burden of building and clearing your own supply chain derived from shit you downloaded from the internet, maybe you should work with people who actually do this for a living rather than bothering random developers to fill out forms for your benefit.

but if you want a third party to distribute your software and they want you to fill out forms or use 2FA or sign things, well, that’s the deal you agreed to when you decided to let that third party be your point of distribution.