Here are the slides for my talk "Composer Guide to Supply Chain Security" at PHP[TEK] in Chicago 2 weeks ago!
Supply chain security is such an important topic! My talk highlighted what you should know about Composer to effectively and securely use it in your dev workflows. It also showed what tools like Private @packagist can do to help.
Thank you to @phparch for putting on another great event and having us as a sponsor!
Last week I attended PHPTek 2024 in Chicago; this was my first time at a PHP conference. It was such an extraordinary experience that I’m looking forward to making the flight from Quito, Ecuador to the US again next year for PHPTek 2025. #phptek #phptek24
Thank you very very much to the sponsors @compassioncode @packagist @zend @sensiolabs @Vonage @OSMHhelp @PubNub @vehikl @FusionAuth and @DevITjobs as they make these conferences possible!! See you again next year!!
Maybe it’s just time to say “fuck it” and #GPL all the things?
The #OpenSource movement was a response to corporate skittishness around using #FOSS, and it focused on very permissive licenses to make corporations feel more comfortable using it. Maybe that turned out to be the wrong approach. Maybe the #OSI helped create the problem.
If the OSI helped create it, #GitHub encouraged and exacerbated it.
I wonder if the community has grounds to sue any of these companies who are ditching the AGPL in favor of proprietary, source-available licenses, especially under “third-party beneficiary contract” legal theories, like @conservancy did in their suit against Vizio.
If the source code originally used AGPL, isn’t it still contractually obligated to ensure those rights to its users, including any new source code added to it?
At #phptek I had a chance to talk with @mwop and @naderman about the PHP Foundation and a bunch of other stuff and conversations I’d had with @ralphschindler — gonna start working on presenting new ideas for the PHP web site to change the marketing messages and let everyone out there know what #php can do these days
@grmpyprogrammer perhaps have a chat with @mvriel. Some years ago already he had some ideas for design changes to make the PHP website clearer and better looking.
I’ve seen a number of folks get excited about contributing to #OpenSource since #PHPTek, and that’s amazing!
My advice: pace yourself, and start small. Give yourself a long runway, and if you don’t contribute at the level you were hoping, don’t count that as a failure, and don’t beat yourself up over it.
It’s easy to burn out quickly if your expectation is to jump head-first into open source. Every contribution, no matter how tiny you perceive it, is a success.
One of the best things about #phptek is getting home and seeing all of the open tabs in my browser of things I need to read and research. One of the worst things is how long it'll take! The highest number of open tabs is from @ramsey's talk on building a Composer package.
Spent the morning teaching my youngest son how to write CLI scripts in PHP to do math and ask him math questions. Used some of what I learned from @awoodsnet at #phptek too. Good times!