Any experienced C developers among my followers? #BoostsWelcome.

Expat, arguably the world's most popular #XML parser, is understaffed and without funding. As #xz has shown, situations like this are dangerous.

Last month, maintainer Sebastian Pipping put up a plea for help at https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

(I would help myself, but my C skills barely surpass "Hello, World".)

Found via @timbray - https://cosocial.ca/@timbray/112203547801373427

#libexpat
#SoftwareSupplyChainSecurity #OpenSource #OpenSourceMaintainer
#C

libexpat/expat/Changes at R_2_6_2 · libexpat/libexpat

:herb: Fast streaming XML parser written in C99 with >90% test coverage; moved from SourceForge to GitHub - libexpat/libexpat

^GitHub

Tim Bray

2024-04-02 20:37:47

I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale.

So, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI

OSQI

^{ongoing by Tim Bray}