Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/Di4na/statuses/109610607017869856">Thomas Depierre (di4na@hachyderm.io)'s status on Monday, 02-Jan-2023 00:25:17 JST</a><a href="https://hachyderm.io/@Di4na" title="di4na@hachyderm.io"><img src="https://gnusocial.jp/avatar/83631-48-20230101152518.webp" width="48" height="48" alt="Thomas Depierre" style="position: absolute; left: 0; top: 0;">Thomas Depierre</a></section><article><p>As a maintainer of OpenSource libraries and packages, there is something that kept feeling off in the whole Software Supply Chain discourse. I think this comes down to something simple. </p><p>I am not a Supplier.<br>You can read more explanation there <a href="https://www.softwaremaxims.com/blog/not-a-supplier" rel="nofollow noreferrer">https://www.softwaremaxims.com/blog/not-a-supplier</a></p><p><a href="https://hachyderm.io/tags/opensource" rel="tag">#opensource</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/973723#notice-2203512">In conversation</a><time datetime="2023-01-02T00:25:17+09:00" title="Monday, 02-Jan-2023 00:25:17 JST">Monday, 02-Jan-2023 00:25:17 JST</time> <span>from <span><a href="https://hachyderm.io/@Di4na/109610607017869856" rel="external" title="Sent from hachyderm.io via ActivityPub">hachyderm.io</a></span></span><a href="https://hachyderm.io/@Di4na/109610607017869856">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://www.softwaremaxims.com/blog/not-a-supplier#opensource">I am not a supplier</a></h5><div> from <span>@Thomas Depierre</span></div></header><div>For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years. The problem of all the work in this domain is that it forgets a fundamental point.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Thomas Depierre (di4na@hachyderm.io)'s status on Monday, 02-Jan-2023 00:25:17 JST Thomas Depierre
As a maintainer of OpenSource libraries and packages, there is something that kept feeling off in the whole Software Supply Chain discourse. I think this comes down to something simple.
I am not a Supplier.
You can read more explanation there https://www.softwaremaxims.com/blog/not-a-supplier
#opensource
In conversationMonday, 02-Jan-2023 00:25:17 JST from hachyderm.iopermalink
Attachments
1. No result found on File_thumbnail lookup.
  I am not a supplier
  from @Thomas Depierre
  For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years. The problem of all the work in this domain is that it forgets a fundamental point.

Public

Embed Notice

HTML Code

Corresponding Notice