Happy belated new year, everyone!
I want to start by saying that I am grateful to be a part of the open source community with you all and look forward to continuing to work together to make impactful open source contributions even better in 2023.
Contributors: Duane O'Brien, Abby Cabunoc-Mayes
Duane O'Brien had the opportunity to speak at GitHub Universe and recorded a fireside chat with Abby Cabunoc-Mayes where he discussed his approach to leading funding initiatives for Indeed's Open Source Program. Duane wished they had discussed the need for broader visibility into shovel-ready projects that will improve open source infrastructure, and that for this to work well, fundable improvements must be discoverable at scale and have a meaningful story. The author is encouraged by the discussions and activity in the open source funding space and hopes to explore this area more in the coming year. They suggest organizations should frame the conversation around benefits to the funding organization, rather than sponsorship and to personally thank people in the open source world for their contributions.
Contributor: Ergo Sumana
If I had read this headline a year ago, I would have scratched my head and possibly rolled my eyes, but now working for a Code Intelligence company for the past 11 months, I learned that there are a lot of Gitservers out in the wild that do not get accounted for. See Fedora, for example. In less than a year, they added over 2,000 more repositories to their infrastructure (Fedora Package Sources).
Contributor: Olaf Kolkman
Olaf Kolkman believes that the Cyber Resilience Act (CRA) proposed by the European Commission needs an amendment to avoid damage to the open source software ecosystem. The regulation should be modified to make it clear that software produced under an open-source license and distributed on a not-for-profit basis is out of scope for the regulation, in line with previously stated objectives of the European Commission. The author expresses concerns that the compliance with the act's expectations, which include the ability to perform updates, follow diligent software development practices, and the assessment of cybersecurity risks may stifle open-source development and the development of the Internet, which depends intensely on open-source software and systems. They argue that a possible unintended outcome of this regulation could be that developers of open-source software outside the internal market will geographically restrict access to open source code, simply because they do not want to be liable for not complying to EU regulation, and that compliance costs may be too high for developers inside the market, which could be a disincentive to share their ideas and innovations.