Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Jens Bannmann (tynstar@nerdculture.de)'s status on Wednesday, 03-Apr-2024 19:35:08 JST Jens Bannmann
- Tim Bray
Any experienced C developers among my followers? #BoostsWelcome.
Expat, arguably the world's most popular #XML parser, is understaffed and without funding. As #xz has shown, situations like this are dangerous.
Last month, maintainer Sebastian Pipping put up a plea for help at https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes
(I would help myself, but my C skills barely surpass "Hello, World".)
Found via @timbray - https://cosocial.ca/@timbray/112203547801373427
#libexpat
#SoftwareSupplyChainSecurity #OpenSource #OpenSourceMaintainer
#C
In conversation Wednesday, 03-Apr-2024 19:35:08 JST from nerdculture.de permalink
Attachments
1. Untitled attachment
2. No result found on File_thumbnail lookup.
  
  Tim Bray (@timbray@cosocial.ca)
  
  from Tim Bray
  
  I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale. So, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI

Feeds