
"If you haven't heard of Sonatype, Sonatype runs the Maven Central Repository. We're also the producers of Nexus and a lot of other software that people tend to know. I got started in open source a long time ago. Most of my open source street credentials come from the Maven project. I was a contributor early on. I was the PMC chair for several years. I'm still on the PMC, but I haven't written any code there in a while."
"And more recently, I've been on the governing board of the Open Source Security Foundation, the OpenSSF, and I'm also on the board of FINOS, the Financial Open Source Foundation. Through those efforts in recent years, I have worked with various governments, contributing to some of the national cybersecurity drafts. Over the last couple of years, I have also been involved in cyber resiliency and CRA work in Europe."
"Thank you for the help with the CRA. You were pretty involved with that. You are one of the people who pushed and rang the alarm when you felt that open source in Europe, at least, was in danger. How about now? Are you happy with the outcome? I know that people felt that they were listened to, but how do you feel?"
Brian Fox is co-founder and CTO at Sonatype, which runs the Maven Central Repository and produces Nexus. He began in open source with early contributions to the Maven project, served as PMC chair for several years, and remains on the PMC while supporting Apache infrastructure. He sits on the governing board of the Open Source Security Foundation (OpenSSF) and on the board of FINOS. He has collaborated with governments on national cybersecurity drafts and has been involved in cyber resiliency and Cyber Resilience Act (CRA) work in Europe, where he was among those who raised the alarm that the CRA, as first drafted, would treat open source like commercial software.
Read at InfoQ