packagistRE: https://phpc.social/@sebastian/116589950111688997
Yet another way @yossarian saves the day with Zizmor
| GitHub | https://github.com/SMillerDev |
| Web | https://seanmolenaar.eu |
| https://www.linkedin.com/in/seanmolenaar/ |
@SMillerNL
- 38 Followers
- 155 Following
- 237 Posts
Long time Homebrew maintainer and Nextcloud News maintainer. Working as Dev and Ops at Framna in Amsterdam.
We recommend you change the default permissions for GitHub Actions GITHUB_TOKENs to read only. Explicitly grant elevated permissions only where strictly necessary. Use zizmor to analyze your GitHub Actions: https://github.com/zizmorcore/zizmor see also @sebastian on zizmor: https://phpunit.expert/articles/hardening-github-actions-workflows.html
Nils AdermannRE: https://social.lfx.dev/@openssf/116527089393674087
Open infrastructure isn't free. š±
Packagist/Composer signed a joint
OpenSSF letter with PyPI, crates, Maven, CPAN, etc on real cost of running package registries.
Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long term solutions.
#php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability
Natasha 
šŖšŗ
Jesus M. Gonzalez-BarahonaWhat happens when you leave port 22 (ssh) open on the Internet for 54 days. Stories from a honeypot https://arman-bd.hashnode.dev/i-left-port-22-open-on-the-internet-for-54-days-here-s-who-showed-up
wohali
Does anyone have a TMRNL? They look cool, and I want one. So looking for some reviews on it before I buy.
Some justification for my wife why I need one would also be appreciated, not sure I can come up with a convincing enough reason š
https://shop.trmnl.com/collections/devices/products/trmnl
stfn@maaikees I have a strong belief that the most important part of software development is communication with other people, coding skills are often secondary
Tilton Raccoon
RE: https://mastodon.social/@mikemcquaid/116250437597345663
10x slowdown sounds crazy, but after reading it... maybe not so crazy.