This document specifies the standard protocol for handling and discarding low-effort, machine-generated contributions submitted to source code repositories, issue trackers, vulnerability reporting portals, and community forums, be they public open-source projects or internal corporate monoliths.
The answer is - it's both. There are also parallels in archers in Europe from the longbow period: https://en.wikipedia.org/wiki/English_longbow#Training You can tell who was a professional archer by looking at their skeleton, and so naturally families who had bodies with more readily adaptable skeletons typically became archers. This married the morphology of an archer to social status and family line.
The provenance of the SBOM is important. If you can't say "I made this" in reference to the SBOM then it's pretty much worthless.
Or, flip the script, if you're concerned enough about supply chain security to mandate an SBOM, you probably don't trust the supplier anyway.
There's the "but I signed it" crowd, but the wheels fall off when they've signed compromised artifacts too.
I just don't see a scenario where an SBOM that cannot be inspected and verified would be useful. If you have the infrastructure to do it, you're generating SBOMs anyway.
CVEs are very important, of course, especially nowadays, but...
Many licenses, such as the MIT license, are very open. All you have to do is include the license text and the names of the software creators, because they want attribution. In other words, it really is about who made what, even with some of the most open licenses.
Licenses matter, a lot. After all, some licenses are share-alike/viral: if you "use" code with such a license, your code might inherit that license. (I put "use" in scare quotes because this is where the lawyers get involved. It depends how exactly you use the code.)
To put it another way - PIT runs your unit tests against automatically modified versions of your application code. When the application code changes, it should produce different results and cause the unit tests to fail. If a unit test does not fail in this situation, it may indicate an issue with the test suite.
Laptop reseller Malibal, which boasts laptops with Linux support, has picked a fight with the coreboot project and blacklisted several countries and US states from receiving their laptops.
Oh no! What will we ever do? haha. So Malibal tried to use free software, couldn't do it themselves, tried to get someone else to do it for cheap, and complains while not even paying anybody. Sounds like a cheap company that will cut corners at every turn (pun intended).