Post B2updKNApzKWetOFns by gregkh@social.kernel.org
       2026-02-02T15:33:30.092941Z
       
       1 likes, 0 repeats
       
As it came up in a few conversations during "FOSDEM week", here's a link to the OpenSSF blog post about why the idea of "attestation for open source projects" is, in my opinion, and others, a bad idea:

https://openssf.org/blog/2026/01/21/preserving-open-source-sustainability-while-advancing-cybersecurity-compliance/

Yes, FOSS foundations and projects need ways of getting funding, that is very important, but thinking that "attestation is how we will get that money!" might not be such a good idea given the risks involved, and the past experience for those that have attempted it.