In the light of the xz stuff, I will recommend, again, that people try to internalise this before responding.

Your model of how this whole stuff works is probably not useful. Accept it, even if you are supposed to be really good at this. Sit this one down. Don't say your hot takes. Come talk to me instead and let's talk. Please.

You. Are. Not. Helping.

https://www.softwaremaxims.com/blog/not-a-supplier

I am not a supplier

For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years. The problem of all the work in this domain is that it forgets a fundamental point.

Musings about software

And if you really want to do a hot take or come up with a solution, please start by reading this and using the framework I offer at the end. I implore you.

https://www.softwaremaxims.com/blog/remove-constraints

Remove Constraints To Get Results

We look at the world and make decisions for our actions through models. Depending on the context, some models will be more fruitful to apply than others. There is a model that I have found tremendously helpful, in particular, when discussing “open source supply chain” but also more regularly as an SRE. I dub this model Goals/Capability/Constraints. It evaluates action far differently than most models applied to these domains. The main recommendation it nearly always offers is to “remove constraints”.

@Di4na Would it be inaccurate to think of this as making it easy to do the right thing? It's not the same as changing incentives - carrot & stick don't work because they presume the carrot is of sufficient value and aligns with the workers' goals (and which workers?). As you note, adding a stick as a constraint just makes the overall work more difficult and doesn't magically open an alternative workable and better path.

@arclight that is one thing that can help but it is not always that simple. Sometimes there is no right thing, but there are still things that orient what you can do.

Like using a shortcut you can only use once, but with no downside, in order to be on time. By like 5min.

How important are these 5min vs being able to use that shortcut later?

Nice takeaway for all big tech companies:
"You want me to work a certain way, I am more than happy to do it. But to do that, I am going to have to become a supplier. Which means you are going to have to start to pay me. [...] Until then, I am not your supplier. [...] You are not buying from a supplier, you are a raccoon digging through dumpsters for free code. So I would advise you to put these rules in the same dumpster. And remember. I am not a supplier. Because

THIS SOFTWARE IS PROVIDED 'AS IS'"
@Di4na #FOSS #OpenSource #FreeSoftware #SoftwareDevelopment