Jamie Tanna | Software Engineer

Tue, 25 Jul 2023 17:49 by Jamie Tanna . #dependency-management-data #public-speaking #devops-notts #open-source #free-software.

Quantifying your reliance on Open Source software (24 mins read).

A writeup of my talk at DevOpsNotts, about the dependency-management-data project and how to use it to understand your internal and external dependencies.

Liked The Pull Request Hack is Fucking Magic by @edent

Post details

I don't have time to keep up with all the daft Open Source projects I release. I wish my skill and my energy was as wide as my ambition. Several years ago, I came across Felix Geisendörfer's Pull …

Sat, 15 Jul 2023 19:59 by Jamie Tanna . #open-source.

Liked We need more of Richard Stallman, not less

Post details

We need more of Richard Stallman, not less écrit par Ploum, Lionel Dricot, ingénieur, écrivain de science-fiction, développeur de logiciels libres.

Wed, 21 Jun 2023 06:01 by Jamie Tanna . #open-source #licensing.

Liked https://tomforb.es/cve-2022-0329-and-the-problems-with-automated-vulnerability-management/ .

Reposted calcifer (@calcifer@hackers.town)

Post details

People seem to really have bought into the capitalist version of open source where software is still a product that requires support and marketing and a roadmap and exists to serve a user community separate and apart from the project. But a whole lot of open source is really just a sharing economy. It’s devs doing something they found useful and deciding to share it rather than hoard it. Those devs don’t owe anyone extra labor just because they chose to share.

Mon, 12 Jun 2023 20:20 by Jamie Tanna . #open-source.

Liked Chris Siebenmann (@cks@mastodon.social)

Post details

IMHO, an underappreciated aspect of 'filing bug reports is (hard) work for people' is that it's hard work that often has no particularly immediate payoff. Filing a bug report will mostly not get the problem fixed immediately the way you want; at best it may get you a fix in the next release, which will arrive who knows when. Sparked by: https://hachyderm.io/@funnelfiasco/110344473863227729

Wed, 10 May 2023 20:18 by Jamie Tanna . #open-source.

Liked Getting to know the Open Source Vulnerability (OSV) format - Open Source Security Foundation by Jennifer Bly

Post details

To keep the modern technological world of open source software safe, it is critical to efficiently and accurately communicate information about open source vulnerabilities. The OSV Schema, created through the collaboration between OpenSSF members and housed within the Vulnerability Disclosures Working Group, provides a minimal, easy-to-use first class JSON format for describing vulnerabilities in open source software.

Mon, 08 May 2023 17:59 by Jamie Tanna . #open-source #security.

Liked Changelog (@changelog@changelog.social)

Post details

I want open source maintainer to be a profession. A thing you start by joining something bigger than just yourself, and then you grow in it. And eventually spawn off your own thing, hopefully. 🗣️ @filippo@abyssdomain.expert https://youtu.be/OBWCM2G6_-I

Mon, 08 May 2023 16:20 by Jamie Tanna . #open-source.

Liked geraldew (@geraldew@fosstodon.org)

Post details

FOSS licenses come in two approaches. The distinction is _who_ is granted the most freedom: - in "copyleft" licenses the emphasis is on the end-user, ensuring that they are _always_ passed the four freedoms; - in "permissive" licenses, the emphasis is on other developers/programmers, including allowing them to _not_ pass on the four freedoms. Is disappointing people still mistake this as being a difference between #FreeSoftware and #OpenSource because each has always supported both types.

Sat, 29 Apr 2023 18:18 by Jamie Tanna . #licensing #open-source.

Fri, 28 Apr 2023 11:34 by Jamie Tanna . #security #open-source.

Liked Beware of fake open source - SD Times by Marc Linster

Post details

Fake—or captive—open source can be defined as software that is released under a license that is not truly open.

Sun, 16 Apr 2023 09:29 by Jamie Tanna . #open-source.

Bookmarked People in your software supply chain by Seth Michael Larson

Post details

For many open source consumers the "logical units" being depended on are libraries. However, the libraries themselves are only a product of what consumers are actually depending on: people. Y...

Sat, 15 Apr 2023 20:31 by Jamie Tanna . #open-source #security.

Bookmarked Google Assured OSS by Seth Michael Larson

Post details

Let's talk about Google's newest software supply chain product. Reading the GA announcement I had many mixed feelings. Starting with the good, compared to other implementations of "curated open s...

Sat, 15 Apr 2023 20:28 by Jamie Tanna . #open-source #security.

Liked GitHub - stackaid/generate-stackaid-json: A GitHub action to generate a stackaid.json file based on your repository's dependency graph

Bookmarked Announcing the deps.dev API: critical dependency data for secure supply chains

Post details

Posted by Jesper Sarnesjo and Nicky Ringland, Google Open Source Security Team Today, we are excited to announce the deps.dev API , which...

Thu, 13 Apr 2023 08:08 by Jamie Tanna . #open-source #security.

Post details

A GitHub action to generate a stackaid.json file based on your repository's dependency graph - GitHub - stackaid/generate-stackaid-json: A GitHub action to generate a stackaid.json file based o...

Wed, 12 Apr 2023 10:05 by Jamie Tanna . #stackaid #open-source #github-actions.

Liked https://news.ycombinator.com/item?id=35519706 .

Tue, 11 Apr 2023 09:00 by Jamie Tanna . #open-source.

Liked https://thanks.dev/home .

Tue, 11 Apr 2023 08:55 by Jamie Tanna . #open-source.

Liked Stay mainline — brandur.org

Post details

A few thoughts on GitHub’s practice of keeping their code synchronized with Rails <code>main</code>.

Sat, 08 Apr 2023 17:20 by Jamie Tanna . #open-source #github #rails.

Liked GitHub - nayafia/lemonade-stand: A handy guide to financial support for open source

This is cool, I've been considering what the process is for setting one of these up recently

Quoted a post on Twitter

Post details

We are open sourcing our own OSPO policies, tools, and guides to help other OSPOs get started. See how you can get started. github.blog/2023-03-13-an-…
GitHub (@github)Fri, 31 Mar 2023 12:07 +0000

Fri, 31 Mar 2023 13:38 by Jamie Tanna . #open-source #github.

Post details

A handy guide to financial support for open source - GitHub - nayafia/lemonade-stand: A handy guide to financial support for open source

Wed, 29 Mar 2023 21:18 by Jamie Tanna . #open source.

Bookmarked SOS: Sustainable Open Source by Floor Drees

Post details

relicensing and lack of resources for maintainers are only two top-level issues plaguing open source

Sat, 25 Mar 2023 10:52 by Jamie Tanna . #open-source.

Liked Crowdsourcing license compliance with ClearlyDefined

Post details

Licensing is what holds open source together, and ClearlyDefined takes the mystery out of projects' licenses, copyright, and source location.

Wed, 01 Mar 2023 11:33 by Jamie Tanna . #open-source.

Liked I’m Now a Full-Time Professional Open Source Maintainer

Post details

It works! I am now a full-time independent open-source maintainer. I'm announcing my first cohort of six clients, and sharing some details of how the model works.

Fri, 03 Feb 2023 08:20 by Jamie Tanna . #open-source.

Reposted a post on Twitter

Post details

Periodic reminder
Alex 🚀 (@AlexJonesax)Mon, 30 Jan 2023 10:49 GMT

Mon, 30 Jan 2023 13:02 by Jamie Tanna . #open-source.

Post details

Open source people: "open source fucking sucks, it's not sustainable. Nobody pays you for all your hard work and everyone is way too entitled, thinks you owe them something." Also open source people: "join us, it's easy, just find a repo of a cool project and start helping out!"
Plausible Sounding-Guff @monkchips@mastodon.social (@monkchips)Fri, 27 Jan 2023 09:37 GMT

Mon, 30 Jan 2023 13:02 by Jamie Tanna . #open-source.

Performing arbitrary executions with Renovate (2 mins read).

How to run Renovate for one-off package upgrades, rather than using it for longer term maintenance.

Mon, 12 Dec 2022 21:27 by Jamie Tanna . #blogumentation #renovate #open-source #security #typescript.

Extracting the dependency tree from Renovate for given repositories (4 mins read).

Creating a (hacky) solution to retrieve the dependency graph from Renovate for a set of repositories.

Tue, 01 Nov 2022 17:03 by Jamie Tanna . #blogumentation #renovate #open-source #security #typescript #dependency-management-data.

Liked Open Source Podcasting Client

Post details

Automattic acquired Pocket Casts last July, and since we’ve been tapping away trying to make the best podcast client for people who love listening to podcasts. And! The team has been working …

Sun, 23 Oct 2022 08:50 by Jamie Tanna . #podcasts #open-source.

Does the tech industry thrive on free work? (6 mins read).

Thinking about how there are subtle expectations to work on your career outside of tech, and how it's not necessarily great.

Sat, 22 Oct 2022 09:38 by Jamie Tanna . #career #job #adhd #open-source #mental-health.

Bookmarked https://githubcopilotinvestigation.com/ .

Tue, 18 Oct 2022 06:45 by Jamie Tanna . #ethics #licensing #open-source.

Analysing our dependency trees to determine where we should send Open Source contributions for Hacktoberfest (8 mins read).

How we (at Deliveroo) are using GitHub Advanced Security's dependency scanning functionality to determine what our most popular dependencies are, and whether we can find any Open Source contributions for the month of Hacktoberfest.

Thu, 29 Sep 2022 13:10 by Jamie Tanna . #deliveroo #open-source #hacktoberfest.

Bookmarked Entitlement in Open Source by Mike McQuaid

Post details

There have been discussions in the aftermath of the log4j vulnerability about whether or not open source is broken or sustainable, what we can do to improve the sustainability of the open source ecosystem moving forwards, and the entitlement of users and companies in expecting maintainers to fix their problems.

Thu, 22 Sep 2022 08:11 by Jamie Tanna . #open-source.

Reposted a post on Twitter

Post details

💶 Instead of sponsoring open-source contributors for their work, sponsor them to go on vacation. 🏝️ (Suggested by @Tixie_)
Mara Bos (@m_ou_se)Fri, 16 Sep 2022 15:31 +0000

Sat, 17 Sep 2022 11:44 by Jamie Tanna . #open-source.

Post details

Do open source, they said. It will be great, they said.
snipe, lixo tóxico ⭑⭒⭒⭒⭒ (@snipeyhead)Thu, 25 Aug 2022 17:29 +0000

Fri, 26 Aug 2022 18:28 by Jamie Tanna . #open-source.

Liked Give nothing, expect nothing: GitLab’s the latest punching bag for entitled users: Dissociated Press

Post details

I think the world would be a better place if we viewed forks of free software as officially endorsed fan fiction
Matthew Garrett (@mjg59)Thu, 25 Aug 2022 10:03 +0000

Thu, 25 Aug 2022 13:41 by Jamie Tanna . #open-source #shitpost.

Liked The Three F's of Open Source Development | Ben E. C. Boyter

Post details

Thu, 25 Aug 2022 13:36 by Jamie Tanna . #open-source.

Post details

What do Docker, GitLab, and Red Hat have in common? Aside from various levels of participation in open source, they’ve all been punching bags over the past few years for non-paying users angr…

Sun, 14 Aug 2022 15:23 by Jamie Tanna . #gitlab #open-source #capitalism.

Post details

"Running a successful open source project is just Good Will Hunting in reverse, where you start out as a respected genius and end up being a janitor who gets into fights." Quote attributed to @cra, and I don't think I've ever seen anything more true posted.
Jens Axboe (@axboe)Fri, 12 Aug 2022 17:16 +0000

Sat, 13 Aug 2022 12:26 by Jamie Tanna . #open-source.

Bookmarked People in your software supply chain by Seth Michael Larson

Post details

For many open source consumers the "logical units" being depended on are libraries. However, the libraries themselves are only a product of what consumers are actually depending on: people. Y...

Tue, 07 Jun 2022 18:23 by Jamie Tanna . #open-source #supportability.

Idea for Open Source/Startup: monetising the supply chain (2 mins read).

An idea I've had for how to better distribute support to Open Source libraries in the supply chain for your software.

Wed, 01 Jun 2022 22:06 by Jamie Tanna . #ideas #security #open-source.

Post details

Always include a complete example on how to reproduce your problem. signed, all your OSS maintainers
Matteo Collina (@matteocollina)Tue, 10 May 2022 16:04 +0000

Tue, 10 May 2022 22:33 by Jamie Tanna . #open-source.

Post details

Hey, students and professors: Making fake commits against real OSS projects is not a valid class assignment. It wastes people's time, irritates them, and gives the student a bad reputation on Github and OSS. Don't do it.
Berkubernetus (@fuzzychef)Fri, 08 Apr 2022 21:00 +0000

Sun, 10 Apr 2022 22:24 by Jamie Tanna . #open-source.

Post details

https://twitter.com/erikbtweets/status/1513072362752823298
You can't just pick some repo on github and demand the maintainer teach you how to participate in an Open Source project. That's not how any of this works.
Joe Cooper 🌻🇺🇦🌻 (@swelljoe)Sun, 10 Apr 2022 09:34 +0000

Sun, 10 Apr 2022 22:24 by Jamie Tanna . #open-source.

Bookmarked https://opensource.org/open-source-protestware-harms-open-source .

Sun, 27 Mar 2022 11:14 by Jamie Tanna . #open-source #ethics #politics.

Post details

So here's why I bought a receipt printer: Every time one of my GitHub repos gets a new issue, I now get a physical ticket printed out on my desk 🪄
Andrew Schmelyun (@aschmelyun)Thu, 24 Mar 2022 11:44 GMT

Thu, 24 Mar 2022 19:20 by Jamie Tanna . #automation #open-source #github.

Post details

https://twitter.com/_msw_/status/1506459050594082820
I have noticed what seems like an almost generational divide in people who contribute to open source. Those who did open source before 2015, and those who think GitHub = OpenSource. 🙃
Aeva ✈ ShmooCon! ✨ (@aevavoom)Wed, 23 Mar 2022 14:58 GMT

Wed, 23 Mar 2022 19:55 by Jamie Tanna . #github #open-source.

Post details

People who say "open source isn't a place for politics" might be unfamiliar with the decades-long social movement. It's always been political.
msw (@_msw_)Fri, 18 Mar 2022 15:11 GMT

Sat, 19 Mar 2022 14:48 by Jamie Tanna . #open-source.