Loved this article from @joshbressers
https://opensourcesecurity.io/2025/01-cve-for-end-of-life/
I see this use of CVE as yet another symptom of a problem: it's impossible to get the attention of open source users (by definition, a group of people you don't know about).
The number of users that read the changelog or mailing list, check https://endoflife.software, or enable telemetry rounds down to zero. CVE is one of the few messaging systems that works. I expect more creative uses, not fewer, as OSS projects become CNAs.
Posted by sethmlarson@fosstodon.org
@sethmlarson @joshbressers Preface: I have not read this yet.
In a recent conversation with @hugovk (my office hours, maybe), I can't stop thinking about why we don't ship Python, Django, etc. with EOL alerts (warnings?) already in mind.
I know not all projects have a fixed life in mind, but more and more of the core tech we work on like Python and Django do have.
Anyways, I'm going to go read that article now.
Posted by webology@mastodon.social
@webology @joshbressers @hugovk In theory a good idea, in practice I suspect this will cause mass frustration like a time-bomb that lands in our lap every year :(
Posted by sethmlarson@fosstodon.org