Re: Do we want to talk about the value of Distribution Curating in the context of Open Source Supply Chain Issues
Hi,
On Tue, Mar 29, 2022 at 03:27:54PM -0600, Sam Hartman wrote:
>
> The latest is
> https://www.zdnet.com/article/hundreds-more-malicious-packages-found-in-npm-factory/
>
> Unfortunately, I've seen this turning into generally negative stories
> on open source supply chain reliability.
>
> I think that Debian tends to have a great response to such supply chain
> trust. Namely we build a community, and typically multiple people are
> involved in getting software into Debian.
>
> As a consequence, we aren't able to package everything. But I think we are
> much less likely to run into this sort of supply chain attack. Mind, not
> impossible. But I think it would be good to talk about the advantages of
> Debian in this space.
>
> Any thoughts/interest?
Yes, I agree we have something valuable to contribute to this debate; and I
feel our point of view is underrepresented. And uhm.... "patches welcome":
e.g. in the form of blog posts, interviews, ...
My 0,02
Bye,
Joost