Imagine you're in a Zoom meeting with Craig Newmark (yes, the Craigslist guy) talking about how to get S.4913 - Securing Open Source Software Act of 2022 to the President's desk and signed into law. That was my Friday afternoon. And yeah, I'm totally name-dropping because that is how excited I am. I have been in the open source sustainability game for a little over a decade, and I never thought policymakers and legendary entrepreneurs would ever care about the open source supply chain and community. But here we are.
With that said, we have a steep hill to climb. To become law, there will be a lot of work that the fine folks at Cyber Statecraft Initiative (Atlantic Council) are taking on. I hope they can convince our representatives that this isn't a partisan issue. If you live in the U.S., you are aware of the divisiveness present; it would be fantastic if we could all come together for this one issue since it affects all of our lives, whether we know it or not. I'm cautiously optimistic.
Whether it is S.4913 or another bill like it that gets passed, at least the glass ceiling has been broken. Before S.4913, there had never been a piece of legislation with "open source" in the title. That alone is a win, a small win, but still a win IMO.
This issue is dedicated to the team (that I've worked with) behind the Cyber Statecraft Initiative: Stewart Scott, Trey Herr, and Jen Roberts. Thank you for all of your hard work and invaluable non-code contributions.
Discussions
A handy guide to financial support for open source | Hacker News
Links
nayafia/lemonade-stand: A handy guide to financial support for open source
Oldie but goodie.
Articles
Senators' Plan to Secure Open Source Software Involves Agencies Using More of It
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source.
Open Source Dependencies: Is It the Holy Grail or a Can of Worms?
Do you ever wonder if you should include a third-party library in your code or not? Sometimes it's worth it, but mostly it's not. Here's a quick way to tell: If the library is doing something you…
A New Linux Tool Aims to Guard Against Supply Chain Attacks
Security firm Chainguard has created a simple, open-source way for organizations to defend the cloud against some of the most insidious attacks.
Sponsoring dependencies: The next step in open source sustainability - Human Who Codes
When the JavaScript Standard Style (StandardJS) project decided to show ads during installation, the backlash was swift and harsh. The project is an opinionated JavaScript style guide, formatter, and linter all in one,...
Podcasts
Deciding what metrics to measure for community managers with Bri, Lori, and Victoria
Our conversations take us through finding out how everyone got their start in community, and what numbers mean for our brands and what they'll mean for open source health.
A How-to Guide for Contributing to Open Source as an Employee, for Corporations
Richard, Deb, Alyssa, Josep, and Duane go through work they presented at OSPOCon in Austin, furthering the Sustain Principles of Authentic Participation WG.
Courtney Miller and Hongbo Fang on Toxicity and Information Flow in Open Source Communities
Courtney Miller and Hongbo Fang, two PhD students at Carnegie Mellon with previous guest Bogdan Vasilescu, join us to talk about their research.
Manuel Riel on PikaPods, a container hosting service for open source apps
Manu shares about running a container hosting service for open source apps.