[HN Gopher] Supporting the BEAM community with free CI/CD securi...
___________________________________________________________________
Supporting the BEAM community with free CI/CD security audits
Author : todsacerdoti
Score : 73 points
Date : 2025-08-01 16:20 UTC (6 hours ago)
(HTM) web link (www.erlang-solutions.com)
| lagniappe wrote:
| The title is "Supporting the BEAM Community with Free CI/CD
| Security Audits"
|
| There is no need to editorialize the title.
| dang wrote:
| (Submitted title was "Free security audits for Erlang and
| Elixir open source projects")
| mananaysiempre wrote:
| Highlights (emphasis mine):
|
| > Open source maintainers can request a free license by emailing
| safe@erlang-solutions.com and including a link to their [GitHub]
| repository. Once approved, we provide a SAFE license _for one
| month or up to a year_, depending on the project's needs, at no
| cost.
|
| The legalese[1] (is incoherent but apparently) does not pass the
| Curl test, that is, the maintainer of Curl--who gets money by
| providing commercial support for his completely FOSS project--
| wouldn't be allowed to use this had it applied to him:
|
| > You can only use SAFE for open-source software. Any commercial
| use is prohibited.
|
| [1] https://www.erlang-solutions.com/policies/safe-for-open-sour...
| justin66 wrote:
| The point you're trying to make about Curl is more unclear than
| anything in that license.
| mananaysiempre wrote:
| It's a reference to a four-year-old discussion[1] in the Curl
| bug tracker about Travis CI introducing a similar prohibition
| on commercial activity in relation to open-source projects.
| The more general point is, fully open-source projects that
| earn money via support contracts are few and precious, and
| it's a dick move to cut them off.
|
| [1] https://github.com/curl/curl/issues/7150
| victorbjorklund wrote:
| Is it just me or does the font look really stretched out on the
| site?
| tiffanyh wrote:
| That's just the normal look of the font they are using (which
| I'm not a fan of either, if that's what you're implying).
|
| https://fonts.adobe.com/fonts/aktiv-grotesk-extended
| Animats wrote:
| Took a while to find out what BEAM was. It's the run-time
| interpreter for Erlang.[1]
|
| It's not in Acronym Finder. There are many hits for BEAM, but
| this isn't in the top 10.
|
| [1] https://en.wikipedia.org/wiki/BEAM_(Erlang_virtual_machine)
| cisrockandroll wrote:
| Congratulations
| giancarlostoro wrote:
| Not just Erlang, but all the other languages like Elixir
| (powers Discord), Gleam and others.
| citizenpaul wrote:
| I've seen BEAM mentioned several times on here in the last few
| months. Is there some sort of thing going on with Erlang that I'm
| out of the loop on?
| arcanemachiner wrote:
| Erlang/BEAM/Elixir stuff shows up on the front page of Hacker
| News pretty often, I'd say at least once per month.
|
| Elixir was a HN darling a few years back. Publicity has
| somewhat waned since then.
|
| To answer your question, I would say "no", that no particularly
| interesting things have emerged from that community lately.
| Just more stuff happened to make it to the front page. (That is
| not to say anything bad of the BEAM community, just that I see
| nothing particularly outstanding of late which would warrant
| such a claim.)
|
| I would say the most recent newsworthy events would include:
|
| - The Erlang `:ssh` module had a serious CVE that required an
| immediate upgrade for anyone using it.
|
| - Gleam, a BEAM language with static typing, had a v1.0
| release.
|
| - Phoenix LiveView also reached v1.0.
|
| - Elixir is making steady progress on the implementation of a
| static type system, using a novel "set theoretic" type system.
|
| Overall, I would say that the ecosystem as a whole is
| progressing slowly but steadily.
| zelphirkalt wrote:
| Whenever Erlang is the topic, BEAM is not far off. It is like
| Java and JVM.
___________________________________________________________________
(page generated 2025-08-01 23:00 UTC)