Notices by Thomas Strömberg 🚲🌳🛵 (thomrstrom@triangletoot.party)

Random research I published this weekend: If you fetch open-source software from a projects official VCS (git repo, for example), you reduce your exposure to supply-chain attacks by 68%

If you do the same for its dependencies, your exposure is reduced by 76%!

@sj congrats!

Stolen shamelessly from Reddit.

If anyone is looking for a security engineer position, DM me.

I’m looking for someone to join us at #Chainguard - who is: cozy with Linux, heavy into automation, comfortable contributing to open source, and not afraid of Cloud Native computing. This is a staff-level position: former software engineers or sysadmins may make a great fit. #FediHire

Big sad if true: I was planning to put an order in for an #Energica #Experia after #EICMA next month: https://www.revzilla.com/common-tread/electric-motorcycle-manufacturer-energica-reported-on-the-verge-of-closure

@jonathanspw

I'm grateful to hear that y'all upstreamed patches to the other distros - that's true open-source sportsmanship.

Out of curiosity I checked the patch timeline elsewhere:

- 2023-07-07: iperf security advisory w/ patch
- 2023-07-09: Alpine, Wolfi, Chainguard Images
- 2023-07-10: ArchLinux
- 2023-07-17: CVE published
- 2023-07-17: Debian stable
- Not yet: Oracle, RH

Unsurprisingly, the timeline follows the continuum of how each distro treats security vs stability.