Happy belated new year, everyone!

I want to start by saying that I am grateful to be a part of the open source community with you all and look forward to continuing to work together to make impactful open source contributions even better in 2023.

Non-Code Contributions

Contributors: Duane O'Brien, Abby Cabunoc-Mayes
Looking Back At My GitHub Universe Talk, And Looking Ahead To 2023
Earlier this year I had the opportunity to speak at GitHub Universe. Abby Cabunoc-Mayes (GitHub) and I recorded a great fireside chat, where I dug into the approach I’ve taken in leading the various funding initiatives associated with Indeed’s Open Source Program. If you’ve ever wanted a deep dive i…

Duane O'Brien had the opportunity to speak at GitHub Universe and recorded a fireside chat with Abby Cabunoc-Mayes, where he discussed his approach to leading funding initiatives for Indeed's Open Source Program. Duane wished they had discussed the need for broader visibility into shovel-ready projects that will improve open source infrastructure, and the point that for this to work well, fundable improvements must be discoverable at scale and have a meaningful story. He is encouraged by the discussions and activity in the open source funding space and hopes to explore this area more in the coming year. He suggests that organizations frame the conversation around benefits to the funding organization rather than sponsorship, and that they personally thank people in the open source world for their contributions.

Contributor: Ergo Sumana
What You Miss By Only Checking GitHub
Too many researchers, entrepreneurs, marketers, open source sustainability activists, and commentators assume that activity on GitHub and data from the GitHub API is a reasonable proxy for activity in and data about open source as … | Cogito, Ergo Sumana | Blog by Sumana Harihareswara, Changeset fou…

If I had read this headline a year ago, I would have scratched my head and possibly rolled my eyes, but now, having worked for a Code Intelligence company for the past 11 months, I have learned that there are a lot of Git servers out in the wild that do not get accounted for. See Fedora, for example. In less than a year, they added over 2,000 more repositories to their infrastructure (Fedora Package Sources).

Contributor: Olaf Kolkman
The EU’s Proposed Cyber Resilience Act Will Damage the Open Source Ecosystem - Internet Society
The Cyber Resilience Act will impact the openness of the Internet by virtue of its impact on open source software development.

Olaf Kolkman believes that the Cyber Resilience Act (CRA) proposed by the European Commission needs an amendment to avoid damage to the open source software ecosystem. The regulation should be modified to make it clear that software produced under an open-source license and distributed on a not-for-profit basis is out of scope for the regulation, in line with previously stated objectives of the European Commission. The author expresses concern that compliance with the act's expectations, which include the ability to perform updates, diligent software development practices, and the assessment of cybersecurity risks, may stifle open-source development and the development of the Internet, which depends heavily on open-source software and systems. He argues that a possible unintended outcome of this regulation is that developers of open-source software outside the internal market will geographically restrict access to open source code, simply because they do not want to be liable for not complying with EU regulation, and that compliance costs may be too high for developers inside the market, which could be a disincentive to share their ideas and innovations.


Issue 41