Any experienced C developers among my followers? #BoostsWelcome.
Expat, arguably the world's most popular #XML parser, is understaffed and without funding. As #xz has shown, situations like this are dangerous.
Last month, maintainer Sebastian Pipping put up a plea for help at https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes
(I would help myself, but my C skills barely surpass "Hello, World".)
Found via @timbray - https://cosocial.ca/@timbray/112203547801373427
#libexpat
#
... Show more...Any experienced C developers among my followers? #BoostsWelcome.
Expat, arguably the world's most popular #XML parser, is understaffed and without funding. As #xz has shown, situations like this are dangerous.
Last month, maintainer Sebastian Pipping put up a plea for help at https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes
(I would help myself, but my C skills barely surpass "Hello, World".)
Found via @timbray - https://cosocial.ca/@timbray/112203547801373427
#libexpat
#SoftwareSupplyChainSecurity #OpenSource #OpenSourceMaintainer
#C
:herb: Fast streaming XML parser written in C99 with >90% test coverage; moved from SourceForge to GitHub - libexpat/libexpat
GitHub
I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale.So, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI