Conversation

Notices

1. Embed this notice
   Dmitry Borodaenko (angdraug@mastodon.social)'s status on Saturday, 30-Mar-2024 15:34:17 JST Dmitry Borodaenko

   in reply to

   Still accurate.

   Context of the day: https://www.openwall.com/lists/oss-security/2024/03/29/4

   "openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma."

   No, systemd is not the root cause. The root cause is the sorry state of funding FOSS that leaves even core system components crumbling under tech debt.

   We already had that conversation after Heartbleed. We still haven't solved it.

   • Embed this notice
     Dmitry Borodaenko (angdraug@mastodon.social)'s status on Saturday, 30-Mar-2024 15:34:18 JST Dmitry Borodaenko

     It's ok to summarily block people spreading FUD and conspiracy theories about #systemd.

     Haelwenn /элвэн/ :triskell: repeated this.
   • Embed this notice
     Dmitry Borodaenko (angdraug@mastodon.social)'s status on Monday, 01-Apr-2024 05:32:05 JST Dmitry Borodaenko

     • this.ven

     @thisven Thank you for asking! As an individual, set aside a donations budget you're comfortable with, and divide it between large organizations supporting core infrastructure (e.g. SFC, SPI, Mozilla) and individual projects you rely on. Support admins of your Fedi instance. If you have time to spare, help with documentation, bugs triage, translations. As an organization, invest in keeping your entire dependency graph healthy, not just leaf tools you use.