Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fosstodon.org/users/donmccurdy/statuses/113512775802077660">Don McCurdy (donmccurdy@fosstodon.org)'s status on Wednesday, 20-Nov-2024 13:20:30 JST</a><a href="https://fosstodon.org/@donmccurdy" title="donmccurdy@fosstodon.org"><img src="https://gnusocial.jp/avatar/140905-48-20230630174924.webp" width="48" height="48" alt="Don McCurdy" style="position: absolute; left: 0; top: 0;">Don McCurdy</a></section><article><p>I've been expecting something like this since the XZ hack, but still ... frustrated/annoyed/sad to see Microsoft and 13 (!) partners jointly announcing that their answer is to “educate” open source maintainers.</p><p>It's nice that they're compensating maintainers for the time spent on that training, but ... compliance with corporate security policies is still a whole lot of ongoing, unpaid work after that? Sigh.</p><p><a href="https://github.blog/news-insights/company-news/announcing-github-secure-open-source-fund/" rel="nofollow noreferrer">https://github.blog/news-insights/company-news/announcing-github-secure-open-source-fund/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4033170#notice-7881275">In conversation</a><time datetime="2024-11-20T13:20:30+09:00" title="Wednesday, 20-Nov-2024 13:20:30 JST">about 2 days ago</time> <span>from <span><a href="https://fosstodon.org/@donmccurdy/113512775802077660" rel="external" title="Sent from fosstodon.org via ActivityPub">fosstodon.org</a></span></span><a href="https://fosstodon.org/@donmccurdy/113512775802077660">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3527348">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Don McCurdy (donmccurdy@fosstodon.org)'s status on Wednesday, 20-Nov-2024 13:20:30 JST Don McCurdy
I've been expecting something like this since the XZ hack, but still ... frustrated/annoyed/sad to see Microsoft and 13 (!) partners jointly announcing that their answer is to “educate” open source maintainers.
It's nice that they're compensating maintainers for the time spent on that training, but ... compliance with corporate security policies is still a whole lot of ongoing, unpaid work after that? Sigh.
https://github.blog/news-insights/company-news/announcing-github-secure-open-source-fund/
In conversationabout 2 days ago from fosstodon.orgpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice