Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fosstodon.org/users/Conan_Kudo/statuses/109615245535840865">Neal Gompa (ニール・ゴンパ) :fedora: (conan_kudo@fosstodon.org)'s status on Saturday, 16-Dec-2023 00:40:57 JST</a><a href="https://fosstodon.org/@Conan_Kudo" title="conan_kudo@fosstodon.org"><img src="https://gnusocial.jp/avatar/109215-48-20230416033104.webp" width="48" height="48" alt="Neal Gompa (ニール・ゴンパ) :fedora:" style="position: absolute; left: 0; top: 0;">Neal Gompa (ニール・ゴンパ) :fedora:</a><div><ul><li><li><a href="https://gnusocial.jp/user/83631" title="di4na@hachyderm.io">Thomas Depierre</a></li><li><a href="https://gnusocial.jp/user/115862" title="andy@social.seattle.wa.us">Andy Nortrup :cascadia: 🌳</a></li><li><a href="https://gnusocial.jp/user/202539" title="pnathan@social.seattle.wa.us">ꙮ ⚗️ pnathan ⚗️ ꙮ</a></li></ul></div></section><article><p><a href="https://fosstodon.org/@doctormo">@doctormo</a> <a href="https://social.seattle.wa.us/@andy">@andy</a> <a href="https://hachyderm.io/@Di4na">@Di4na</a> <a href="https://social.seattle.wa.us/@pnathan">@pnathan</a> The correct answer is that as soon as you know you have *one* system that it matters on, you should be funding it. For each extra system, you can incrementally add to it. The problem with all the existing solutions is that they are all designed to figure out how much you can ignore, not how much you should support. The attitude is just wrong for SLSA, SBOM, etc. Everyone just does risk assessments because nobody wants to actually fix the problem.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2457688#notice-4862112">In conversation</a><time datetime="2023-12-16T00:40:57+09:00" title="Saturday, 16-Dec-2023 00:40:57 JST">about a year ago</time> <span>from <span><a href="https://fosstodon.org/@Conan_Kudo/109615245535840865" rel="external" title="Sent from fosstodon.org via ActivityPub">fosstodon.org</a></span></span><a href="https://fosstodon.org/@Conan_Kudo/109615245535840865">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Neal Gompa (ニール・ゴンパ) :fedora: (conan_kudo@fosstodon.org)'s status on Saturday, 16-Dec-2023 00:40:57 JSTNeal Gompa (ニール・ゴンパ) :fedora:
@doctormo @andy @Di4na @pnathan The correct answer is that as soon as you know you have *one* system that it matters on, you should be funding it. For each extra system, you can incrementally add to it. The problem with all the existing solutions is that they are all designed to figure out how much you can ignore, not how much you should support. The attitude is just wrong for SLSA, SBOM, etc. Everyone just does risk assessments because nobody wants to actually fix the problem.
In conversationabout a year ago from fosstodon.orgpermalink

Public

Embed Notice

HTML Code

Corresponding Notice