“But what about NATS?” - I hear this all the time—especially after my recent posts on MQTT. First: No single message broker or protocol is a silver bullet. Neither MQTT nor Kafka nor AMQP nor NATS. Never! Second—and this is why I’m writing: Synadia, the original donor of NATS, has told the CNCF it plans to withdraw the project, re-license it under the Business Source License (BUSL), and reclaim community assets such as nats.io and the GitHub organization. Industry experts (e.g., Alex Kritikos) have warned me for years that NATS wasn’t truly open source / had open standards. Now I see their point. 🔗 Full CNCF statement: https://lnkd.in/eAwxEdBe
Jeremy Theocharis’ Post
-
Interesting developments with MinIO - In 2021 it changed license from Apache to AGPL v3.0. Recently it has become "Source Only Distribution", not providing ready-to-use builds, continuing the push to monetize a larger part of their community, while for now sticking to #opensource https://lnkd.in/eTaGkmav
-
LFX Insights: A New Way to Understand Open Source Projects Open source projects are integral to today's technology landscapes, yet their health and sustainability often remain opaque. LFX Insights, developed by the Linux Foundation, bridges this gap by providing comprehensive metrics that go beyond basic indicators like GitHub stars. It assesses project vitality through dimensions such as contributor diversity, maintenance activity, issue resolution speed, and adherence to security best practices. With features like the LF Open Source Index and a robust Project Health Score, organizations can make informed decisions about which open source dependencies to adopt, monitor, and invest in. By offering visibility into the governance and security posture of critical projects, LFX Insights serves as an essential tool for mitigating risks associated with open source dependencies. Author: Ricardo Rocha, Cern. Source: https://lnkd.in/e6MPAkii. #OpenSource #DevOps #SoftwareEngineering #CloudComputing #TechInnovation
-
FOSS and OSI: A timely re-opening of ancient fault lines. The idea of the OSS permissive license represented a major inflection point in the trajectory of Open Source Software and opened the door wide for the pragmatist constituency to foster a closer relationship with industry and big tech. It worked. You could even say this was a successful hard fork. But time (and unintended consequences) have a habit of catching up with the best-laid plans. Now that OSS is deeply embedded into the fabric of our software infrastructures, both public and private, and across all industry and business sectors, the time for reckoning seems to be at hand. As the interaction of functions and features that drive our digital world becomes increasingly complex and interwoven 🧩, it would seem that there is no turning back the clock to a purely proprietary software environment, even though there may still be some who would advocate for just that. The advent of the commercial (good enough) LLMs may have temporarily tipped the scales back in favor of proprietary solutions but even in the domain of Gen AI, we are witnessing a strong impulse towards the development of alternative OSS models. The EU countries in particular are signalling a clear OSS by default intent. The investor backed corporate business models built around OSS clearly need a rethink but the OSS code itself, and the philosophy and methodology that produced it, is unlikely to become a historical relic. Is the stage 🎭 now set for a long-overdue showdown? #OSS #FOSS #Licensing #Proprietary #AI
Open Source Security & Policy Leader | OpenSSF & FINOS Boards | Caretaker of Maven Central | Apache Software Foundation Member | Forbes Member | Co-Founder & CTO Sonatype
"Overconsumption is Killing Open Source This isn't some random complaint from a few disgruntled maintainers. We're talking about an unprecedented joint statement from the stewards of virtually every major package repository - Maven Central, PyPI, npm, RubyGems, The Rust Foundation, the Eclipse Foundation, and others." "The coalition's proposed solutions are reasonable but firm. High-volume commercial users should contribute financially through partnerships or tiered access models. Companies need to implement better caching and reduce wasteful usage." https://lnkd.in/ehPAe_Mw
-
"The advent of the commercial (good enough) LLMs may have temporarily tipped the scales back in favor of proprietary solutions but even in the domain of Gen AI, we are witnessing a strong impulse towards the development of alternative OSS models. The EU countries in particular are signalling a clear OSS by default intent." The future of Gen AI? 🔮🔮 The signs are pointing towards small (mostly Open Source) task optimized LLMs operating locally on your workstation or device, customizable and scalable for enterprise. The ship may have sailed for investment backed OSS business models but the concept is alive and well and continuing to bite at the heels of the proprietary software vendors. #OSS #GenAI #EU #LLM #SLM
-
🚨 The “Update README.md PR” Epidemic --> A Modern Problem in Open Source

Popular open-source repositories like Express.js, Node.js, and many others have recently been flooded with PRs titled “Update README.md”..🤣 While contributing to open source is always encouraged, making superficial edits (like adding spaces, emojis, or tweaking punctuation) doesn’t make someone an actual OSS contributor, it only creates extra noise and additional work for maintainers who are already doing so much to keep these projects alive. This flood of low-effort PRs mainly wastes CI resources and review bandwidth, causing legitimate and useful PRs to be delayed. Thankfully, many maintainers are now using GitHub Actions and other automations to block these spammy PRs. But still please don’t waste your time or theirs.

👉 If you really want to contribute, start small but meaningful:
- Fix a real bug 🐞
- Help triage issues 💬
- Review PRs from others 🔍

Let’s respect the open-source ecosystem. Let’s make contributions that truly matter. #OpenSource #GitHub #DeveloperCommunity #SoftwareEngineering #OSS #RespectMaintainers
-
Docker Hub, npm, PyPI, RubyGems, Maven Central are in most cases the official channels through which open source is distributed and consumed. Why on earth would you need a private registry?

What happens when:
🛑 Docker Hub or npmjs.org has an outage or a dependency unexpectedly gets removed from the official registry?
⚠️ You need to block a particular version of a dependency from being used?
🛜 Your CI environment can’t (or shouldn’t) access the public Internet?

A private registry (self-hosted or as a managed service) can make a huge difference by allowing you and your team to:
1. Use as a pull-through cache, keeping your own copies of your dependencies
2. Maintain rules for blocking usage of specific dependencies and versions
3. Mirror upstream dependencies internally, allowing secure builds that still work in isolated or segmented environments

Whether you host it yourself or use a managed service, a private registry isn’t just about convenience or speed. It's an important component for the resilience of your build systems. In the latest episode of the open source security podcast a quote stuck with me: "Why are you operationally dependent upon open source infrastructure paid by somebody else? That’s not a good business plan in general.". For anyone interested in the topic of open source and how public registries are struggling to cope with the volume of downloads, it's worth a listen: https://lnkd.in/dvbZ9nVM

How are you handling dependencies in your team: straight from the public registries or through a private cache?
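Added example, not part of the post above: a CI check that reads an npm `package-lock.json` and flags any dependency that was not resolved through the private registry, is on the block list, or has no integrity hash. The registry host `registry.internal.example`, the block list and the sample lockfile are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumed values for illustration: internal registry host and block list.
ALLOWED_HOSTS = {"registry.internal.example"}
BLOCKED = {("example-logger", "2.1.4")}  # constructed (name, version) pairs

# Constructed sample lockfile (npm lockfileVersion 3 layout), not real data.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/example-lib": {
            "version": "1.3.0",
            "resolved": "https://registry.internal.example/npm/example-lib/-/example-lib-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED"},
        "node_modules/@acme/ui": {
            "version": "4.0.2",
            "resolved": "https://registry.npmjs.org/@acme/ui/-/ui-4.0.2.tgz",
            "integrity": "sha512-CONSTRUCTED"},
        "node_modules/@acme/ui/node_modules/example-logger": {
            "version": "2.1.4",
            "resolved": "https://registry.internal.example/npm/example-logger/-/example-logger-2.1.4.tgz"},
    },
})

def audit_lockfile(text, allowed_hosts=ALLOWED_HOSTS, blocked=BLOCKED):
    """Return a sorted list of (package, version, problem) findings."""
    findings = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if path == "" or meta.get("link"):  # root project / workspace symlink
            continue
        # Nested and scoped installs: keep only the innermost package name.
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "?")
        host = urlsplit(meta.get("resolved", "")).hostname
        if host is None:
            findings.append((name, version, "no resolved URL"))
        elif host not in allowed_hosts:
            findings.append((name, version, f"resolved from {host}"))
        if (name, version) in blocked:
            findings.append((name, version, "blocked version"))
        if "integrity" not in meta:
            findings.append((name, version, "missing integrity hash"))
    return sorted(findings)

if __name__ == "__main__":
    for name, version, problem in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}@{version}: {problem}")
```

Failing the build on any finding keeps a lockfile that bypasses the private registry from reaching an isolated CI environment, where the install would otherwise break or silently reach out to the public Internet.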
-
Platforms like GitHub, GitLab, and Bitbucket have made open source collaboration simple and reliable. They host many of the projects that form the core of the Xahau and XRP Ledger ecosystems. These platforms have played a huge role in building the global developer community that open source depends on. We keep independent backups of key public repositories to make sure that important code and its full history remain available and verifiable for the long term. These mirrors are not a replacement for GitHub or any other service. They simply make the ecosystem stronger and more resilient. Each mirror preserves the full record of a project including commits, authors, and license information. This helps anyone confirm where the code came from and trust that it has not been changed. Keeping this data safe across more than one location is good practice for everyone who depends on open source. We maintain this archive to protect important projects from the Xahau and XRPL ecosystems and to support openness, reliability, and long-term continuity. Visit the archive at https://git.inftf.org Projects from these ecosystems that wish to be added to the archive can send a request to info@inftf.org.
-
Good News!! CNCF projects gain access to trusted container distribution, enhanced security tooling, and usage insights via Docker’s Sponsored Open Source Program. This partnership also highlights a shared commitment to strengthening the open source software supply chain. Tools like Docker Scout and Docker Hardened Images will provide CNCF projects with new layers of insight and control over container security, aligned with best practices in modern DevSecOps. Learn how CNCF Expands Infrastructure Support for Project Maintainers Through Partnership with Docker, Inc https://lnkd.in/g56n_9i4 Cloud Native Computing Foundation (CNCF) #Docker
-
Broadcom’s Bitnami shift feels like a rug pull: $6K/mo for images that used to be free. 🚨 Percona keeps it open source; maintaining images + Helm Charts for MySQL, PostgreSQL, MongoDB, and more so devs don’t get stuck mid-flight. https://bit.ly/42k8WXc by Liz Warner, CTO, Percona via Computing
-
Indeed.. And the problem now is that all these frustrated #NATS users are locked into something they thought was an open ecosystem but is turning proprietary overnight. Perhaps we should implement the #NATS protocol in MAPS Messaging BV to give them a way out...