José Miguel Parrella bureado

Conceptual SBOM model for an APT-based Linux distribution

This is a draft of an entirely exploratory learning exercise to generate SBOMs from first principles that can accompany an APT-based Linux distribution, which in this context is either a disk or a container image obtained from any source including runtime instances, packaged images, debootstraps, etc. Input and comments welcome: Twitter and also on the CNCF, CycloneDX, CDF, Sigstore and other Slacks.

Status

Here's the current version of the output (SPDX) which features:

Identifying information for the primary component (at this time, the debian:latest container image)
purl identifiers for each binary package in the image

Here's a list of DebConf20 sessions I'm looking forward to. Make sure you check out the Streams, video archive or, eventually, YouTube!

how to use 'apt-repos' to inspect multiple apt repositories
DUE - A container manager for building things that aren't Debianized (and things that are).
Building Linux distributions for fun and profit
What comes after Open Source?
[What's new in the Linux kernel (and what's missing in Debian)](https://debconf20.

What I'll be tracking at FOSDEM 2020

Saturday

Containers and security main track from 14h thru 17h50 in K.1.105 (La Fontaine) particularly 14h-14h50 and 17h-17h50
Containers devroom from 10h30 through 1900 in UD2.208 (Decroly) particularly:
FOSDEM 2020 - Linux memory management at scale 14h10

The Apache Way

Adapted from Briefing: The Apache Way

The Apache Way is not One Way. Every Apache project is unique and every member describes their experience with their own words. But here are some attributes that everyone in Apache embraces.

People

Apache is made of people, not organizations. Contributions are voluntary and all votes weigh the same. A strong community can always make good code better.

Tips & tricks para contribuir a #kubernetes-docs-es

¿Por dónde empiezo?

Este documento no sustituye los lineamientos de estilo y procedimientos formales del proyecto. Te sugerimos las siguientes lecturas previas:

Primero, lee el README. Está en castellano y cubre la mayor parte de las preguntas frecuentes.
También puedes leer la Guía de Estilo (en inglés) de Kubernetes, y la que corresponde a community
Dale un vistazo a las slides de KubeCon EU y la charla en YouTube

Here are the accompanying resources for The Future of Open Source Sustainability, as Seen Elsewhere, a talk presented at the Open Source Leadership Summit 2019.

It's my hope that communities can bring these questions to a broader sample, focusing on more equal gender representation and detecting significant differences across native languages and community of affinity (e.g., CNCF, Python, JS, etc.)

See the slides for additional commentary and my key takeaways and insights for the sample below or subscribe to RSS for new developments on this topic.

Feedback, questions and comments are very welcome! Get in touch.

	#!/bin/bash

	# Also see: https://gist.github.com/bureado/16df777c1f9883ef919a5cc0c30eaba3

	case "$1" in
	init)
	# Install dependencies
	sudo apt update && sudo apt install jq auditd -y
	# Start auditd
	sudo systemctl start auditd.service

	#!/bin/sh

	# Video: https://www.youtube.com/watch?v=Rv4ZlbMb1pE&list=PL9GzfK3UKP1vOcUkp3ayByoBY2pT641YN&index=3

	# Usage: ./hash-to-buildinfo.sh <.deb package>
	# Works with deb packages obtained from a Debian archive
	# Assumes rekor CLI is in ./

	# This all exists because https://unix.stackexchange.com/a/612931
	# https://unix.stackexchange.com/a/673157

	#!/bin/sh

	# See: https://hackmd.io/@aeva/draft-gitbom-spec
	# Also see: https://gist.github.com/bureado/0e4b53e90ac1263b7c5ed908dbe2cb50

	# Today I would look at witness, tracee, and many others.

	# TODO: make sure $BUILDDIR is a --git-dir
	BUILDDIR=$1
	TIMEOUT=5

	#!/bin/sh

	#
	# This script deploys a custom Photon 3.0 GA VHD to Azure and starts a VM
	# See https://dev.to/bureado/getting-started-with-photon-os-on-azure-32h8 for more.
	#
	# Usage: ./script.sh photon.vhd
	#

	set -x