• 14 Posts
  • 58 Comments
Joined 1 year ago
cake
Cake day: August 8th, 2023

help-circle








  • GravelPieceOfSword@lemmy.caOPtoLinux@lemmy.mlFwupd Will Use Zstd Compression
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    8 months ago

    As with all definitions, there is a gray area where people will have different boundaries on exact meanings. To you - a supplier relationship needs an explicit payment, which is a fair definition.

    However, the more widely used definition that most people, including me, refer to, is not necessarily focused on the supplier, but on the supply - what we use in our toolchains is a supply - regardless of how it was obtained.

    When there is an issue in a trusted supply, even if it was not a commercial relationship (a prerequisite by your definition), it is a supply-chain attack by the more widely used definition.


  • The article states reasons which aren’t limited to what happened. I understand and agree with your sentiment about the supply chain issue being something that could happen anywhere - those were my initial thoughts too.

    The reasons for shifting are related to speed, other mainstream software already having made that switch years ago (pre incident), and unfortunately… More robustness in terms of maintainers.

    Open source funding and resilience should be mainstream discussions. Open source verification and security reliability should be mainstream discussions: here’s a recent mastodon thread I found interesting:

    https://ruby.social/@getajobmike/112202543680959859

    However, people switching from x to z (I did see what you did there) is something that is going to happen considering the other factors listed in the article that I summarized above.


  • Linux mint Debian edition or Opensuse tumbleweed.

    Slow Internet/less updates, older, more tested software, slightly wider package availability: LMDE.

    Faster Internet, more updates, very new (but well tested) software, needs slightly more technical knowledge sometimes: Opensuse tumbleweed.

    I personally use Opensuse Slowroll, which is a slower rolling release experimental version of Opensuse tumbleweed.













  • No software is guaranteed to run on all platforms: the developers choose to make it available or not.

    I did some quick googling, and it seems fairly easy to install it:

    Use Ubuntu (if you’re not familiar with, and don’t want to be familiar with terminal basics), and install chirp from the Ubuntu App store. Snap is just a name of their package format, and their app store links to snap craft.

    If you’re not using Ubuntu, that’s your choice, you’ll either have to install snap, then do the same, but it’s more work. Or play with the terminal just a bit to follow their instructions.

    Details

    If you’re on Ubuntu or have snap installed - it’s a one click operation to install chirp: https://snapcraft.io/chirp-snap

    If you’re on another distribution by choice: https://chirp.danplanet.com/projects/chirp/wiki/ChirpOnLinux

    this page has a 3 step install for mainstream Linux distributions:

    1. Install dependencies (they’ve listed the commands)
    2. Install chirp and Python dependencies (commands provided)
    3. Run chirp