Supply chain attacks in open source software projects are a real possibility. In fact, we’ve covered actual incidents in previous episodes of this podcast. In this episode, Jay and Joao discuss developing legislation that will require the components within open source projects to be a part of a bill of materials (among other requirements). This is definitely something you’ll want to be aware of if your organization produces open-source software, but even non-developers should be aware of it as well.

Relevant Articles

• Gov’t Adds Open Source Security to Software Supply Chain
• 20-page PDF with more specific details on the bill

Download Links

• MP3 Version (normal quality)
• MP3 version (lower quality, smaller file)
• Ogg version

Fedora 37 was released in November of 2022, and with it comes Linux kernel 6.0 as well as GNOME 43. In this video, Jay will give you his thoughts on this release. Is Fedora 37 worth checking out?