I love the hot takes that this Trivy debacle will be the end of open source

Heartbleed didn't kill open source
Log4Shell couldn't get the job done
xz tried and failed

This won't kill it either

Free is too good of a deal

I wrote this up in a bit more detail in a clickbait-titled article

https://opensourcesecurity.io/2026/03-open-source-eulogy/

Eulogy for open source

Thank you for clicking on the clickbait! What a year it’s been. It seems like open source is under constant attack. The security people don’t know what’s going on anymore. What day is it? It doesn’t matter. The latest open source mess is the popular open source scanner Trivy being compromised, for a month, then other open source projects downstream in the “chain” getting compromised, which will probably lead to more things getting compromised until we get back to Trivy someday. Then I think we have to call it a supply wheel. I’m not sure how these rules work.

Open Source Security
@joshbressers I see that you are using my technique for anger management, seeing some of your takes there :D
@joshbressers Also, re affecting someone in power: SolarWinds happened and scared the feds to death. Guess what, no real outcome. The SBOM stuff was killed a few months ago by the Trump admin after nearly no results, and no one even cared.
@joshbressers Also, I think I have some ideas on how to fix the burnout. Doesn't mean we will do it, but I think I have a case now.