Robert Gützkow

IT security, software engineering and digital art. he/him

OWASP Dependency-Track 5.0 is now generally available. Codenamed Hyades, v5 delivers the biggest redesign in project history: stateless, horizontally scalable APIs; durable execution that resumes BOM processing and vulnerability analysis after crashes; component integrity verification against upstream registry tampering; and a CEL-based policy engine. Early adopters processed 20,000+ SBOMs/hour. PostgreSQL is now the sole supported database.

https://dependencytrack.org/ #OWASP #SBOM

The #Forgejo monthly report was published ✨

Forgejo v15 was released, along with security releases. The Forgejo Security Team responds to community concerns. The Forgejo Runner had multiple releases, the Forgejo Helm chart v17 was released and the Forgejo v16 release is progressing.

https://forgejo.org/2026-05-monthly-report

Thank you @forgejo and @Codeberg for developing and maintaining great open source software. Recurring donations have been set up. #foss #git #cicd #devops

Are you sick of Linux vulnerabilities lately?
Good.

Here's ssh-keysign-pwn

You can read root-owned files from an unprivileged account. Concept publicly reported by Jann Horn nearly 6 years ago. CVE unknown. Was patched in the Linux kernel 11 hours ago.

Update: It's apparently CVE-2026-46333

It can be mitigated with:
sudo sysctl kernel.yama.ptrace_scope=2
Or more permanently, do whatever dance your distro supports. e.g. in /etc/sysctl.d/99-yama-ptrace.conf put:

kernel.yama.ptrace_scope = 2
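
To confirm the mitigation above is both active and will survive a reboot, here is an added example that is not part of the original post. The function names are hypothetical, and it assumes the systemd-sysctl search path and ordering rules and treats any value of 2 or higher as satisfying the mitigation.

```shell
#!/bin/sh
# Added example. Assumption: systemd-sysctl ordering, i.e. *.conf files apply in
# lexical order of file name; a same-named file in a later directory wins.

# persisted_ptrace_scope DIR...   (directories in increasing priority)
# Prints the value of the last kernel.yama.ptrace_scope assignment, if any.
persisted_ptrace_scope() {
    result=""
    names=$(for d in "$@"; do for f in "$d"/*.conf; do
                if [ -f "$f" ]; then basename "$f"; fi
            done; done | LC_ALL=C sort -u)
    old_ifs=$IFS; IFS='
'
    for n in $names; do
        chosen=""
        for d in "$@"; do if [ -f "$d/$n" ]; then chosen="$d/$n"; fi; done
        v=$(awk '/^[ \t]*[#;]/ { next }
                 { i = index($0, "="); if (!i) next
                   k = substr($0, 1, i - 1); v = substr($0, i + 1)
                   gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                   sub(/^-/, "", k); gsub(/\//, ".", k)   # "-key" and a/b/c forms
                   if (k == "kernel.yama.ptrace_scope") val = v }
                 END { if (val != "") print val }' "$chosen")
        if [ -n "$v" ]; then result=$v; fi
    done
    IFS=$old_ifs
    if [ -n "$result" ]; then printf '%s\n' "$result"; fi
}

# True when $1 is a non-negative integer >= $2.
at_least() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# audit_ptrace_scope WANT RUNTIME_FILE DIR...
# Prints ok, runtime-only (lost at reboot), persisted-only (not applied) or missing.
audit_ptrace_scope() {
    want=$1; runtime_file=$2; shift 2
    running=$(cat "$runtime_file" 2>/dev/null || true)
    persisted=$(persisted_ptrace_scope "$@")
    if at_least "$running" "$want"; then r=1; else r=0; fi
    if at_least "$persisted" "$want"; then p=1; else p=0; fi
    case "$r$p" in
        11) echo ok ;; 10) echo runtime-only ;; 01) echo persisted-only ;; *) echo missing ;;
    esac
}

audit_ptrace_scope 2 /proc/sys/kernel/yama/ptrace_scope /usr/lib/sysctl.d /run/sysctl.d /etc/sysctl.d
```

A result of runtime-only means the `sysctl` command was run but no configuration file keeps the setting, or a later-sorted file lowers it again.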

Forgejo takes an entirely different stance to GitLab, as detailed in their CoC / contribution policy.
https://codeberg.org/forgejo/code-of-conduct
https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md

For context, the GitLab blog post the initial toot is referring to is: https://about.gitlab.com/blog/gitlab-act-2/

Codeberg is offering a hosted Forgejo similar to gitlab[.]com and github[.]com in case you do not want to self-host. They are run by the non-profit Codeberg e.V.; donations to it are tax deductible in Germany.

https://codeberg.org/

In light of the recent GitLab announcement, which raises questions about long-term software quality and security, it is worth mentioning that there are alternative open source solutions out there which are worth using and supporting.

Forgejo is an open source VCS platform that you can self-host. Its look closely resembles GitHub's and many of the features you know from GitLab and GitHub are available.

https://forgejo.org/

#git #devops #devsecops #foss

SINGULARITY, the painterly space adventure and newest open movie by Blender Studio is now released!

Watch it on YouTube: https://www.youtube.com/watch?v=l5OZu-IrXpw

#b3d #OpenMovie #BlenderStudio #singularity

@letsencrypt is in the middle of an active incident. Issuance of new certs has ceased. Heads up. https://letsencrypt.status.io/