• 10 Posts
  • 21 Comments
Joined 1 year ago
Cake day: August 8th, 2023


  • GravelPieceOfSword@lemmy.ca (OP) to Linux@lemmy.ml: Fwupd Will Use Zstd Compression
    9 months ago

    As with all definitions, there is a gray area where people will have different boundaries on exact meanings. To you - a supplier relationship needs an explicit payment, which is a fair definition.

    However, the more widely used definition that most people, including me, refer to, is not necessarily focused on the supplier, but on the supply - what we use in our toolchains is a supply - regardless of how it was obtained.

    When there is an issue in a trusted supply, even if it was not a commercial relationship (a prerequisite by your definition), it is a supply-chain attack by the more widely used definition.


  • The article states reasons which aren’t limited to what happened. I understand and agree with your sentiment about the supply chain issue being something that could happen anywhere - those were my initial thoughts too.

    The reasons for shifting are related to speed, other mainstream software already having made that switch years ago (pre incident), and unfortunately… More robustness in terms of maintainers.

    Open source funding and resilience should be mainstream discussions. Open source verification and security reliability should be mainstream discussions: here’s a recent Mastodon thread I found interesting:

    https://ruby.social/@getajobmike/112202543680959859

    However, people switching from x to z (I did see what you did there) is something that is going to happen considering the other factors listed in the article that I summarized above.


  • Linux Mint Debian Edition or openSUSE Tumbleweed.

    Slow Internet/fewer updates, older, more tested software, slightly wider package availability: LMDE.

    Faster Internet, more updates, very new (but well tested) software, needs slightly more technical knowledge sometimes: openSUSE Tumbleweed.

    I personally use openSUSE Slowroll, which is a slower rolling release experimental version of openSUSE Tumbleweed.