This week on #OpenSourceSecurity I talk to @ottok about his blog post about detecting an attack like xz in Debian

It's a fascinating conversation about a very complicated topic

There are things that could be detected, but this one would have been very very difficult

opensourcesecurity.io/2025/202…

Detecting XZ in Debian with Otto Kekäläinen

In this episode, Josh and Otto dive into the world of Debian packaging, exploring the challenges of supply chain security and the importance of transparency in open source projects.

^{Josh Bressers (Open Source Security)}

#OpenSourceSecurity chats with @Di4na about his blog post explaining hobbyist open source maintainers

Whatever you think you know about open source, you're going to learn something from this one

An enormous amount of the open source that runs the world is written by hobbyists, and how we can support them is not at all obvious or easy

opensourcesecurity.io/2025/202…

Hobbyist Maintainers with Thomas DePierre

Thomas DePierre joins Open Source Security to discuss the central idea from his blog post, “You are all on the hobbyist maintainers turf now,” exploring the massive disconnect between the corporate world that consumes open source and the hobbyist com…

^{Josh Bressers (Open Source Security)}

I had a chat with @grimmy on #OpenSourceSecurity about maintaining an open source project for more than 20 years (Gary maintains Pidgin)

It's a fun conversation that brought back many memories as well as some lessons for everyone involved in open source

opensourcesecurity.io/2025/01-…

Open Source Maintenance with Gary Kramlich

I met Gary Kramlich a few years ago at the CypherCon security conference and we now chat on signal about open source things.

^{Josh Bressers (Open Source Security)}