
José Miguel Parrella bureado

View apt-sbom.md

Conceptual SBOM model for an APT-based Linux distribution

This is a draft of entirely exploratory work to generate SBOMs that can accompany an APT-based Linux distribution, which in this context is either a disk or a container image.

Assumptions and preliminary work

  • We are using SwiftBOM for a manual approximation to the problem
  • We are focusing on the NTIA-recommended fields, all of which should be readily available in the local state of an APT-based Linux environment
    • We might need to acknowledge some transitive trust. For example, if we say a Component is a Package, then what should go in the hash of the Package? The only package hash we can get from the local APT state is what's in the repo indices as they were last fetched. The hashes may or may not match the package hash that was used to install the files in the local filesystem.
  • It's possible we'll focus first on producing an SPDX document
@bureado
bureado / fosdem-2020.md
Created Jan 20, 2020
JMP - FOSDEM 2020 Tracking Gist
View fosdem-2020.md
View simple-apache-way.md

The Apache Way

Adapted from Briefing: The Apache Way

The Apache Way is not One Way. Every Apache project is unique and every member describes their experience with their own words. But here are some attributes that everyone in Apache embraces.

People

Apache is made of people, not organizations. Contributions are voluntary and all votes weigh the same. A strong community can always make good code better.

@bureado
bureado / k-docs-es-tips.md
Last active May 28, 2019
Tips & tricks #kubernetes-docs-es
View k-docs-es-tips.md

Tips & tricks for contributing to #kubernetes-docs-es

Where do I start?

This document does not replace the project's formal style guidelines and procedures. We suggest the following preliminary reading:

@bureado
bureado / sustainability-elsewhere-resources.md
Last active Mar 14, 2019
Resources for the "Open Source Sustainability Elsewhere" exercise
View sustainability-elsewhere-resources.md

Here are the accompanying resources for The Future of Open Source Sustainability, as Seen Elsewhere, a talk presented at the Open Source Leadership Summit 2019.

It's my hope that communities can bring these questions to a broader sample, focusing on more equal gender representation and detecting significant differences across native languages and community of affinity (e.g., CNCF, Python, JS, etc.)

See the slides for additional commentary and my key takeaways and insights for the sample below or subscribe to RSS for new developments on this topic.

Feedback, questions and comments are very welcome! Get in touch.

Questions asked

@bureado
bureado / photon-azure.sh
Last active Mar 10, 2019
Deploys Photon OS 3.0 GA in Azure
View photon-azure.sh
#!/bin/sh
#
# This script deploys a custom Photon 3.0 GA VHD to Azure and starts a VM
# See https://dev.to/bureado/getting-started-with-photon-os-on-azure-32h8 for more.
#
# Usage: ./script.sh photon.vhd
#
set -x
View open-en-2018.md

What happened with open source in 2018?

2018 was a strange year for open source... decentralized funding, license changes and unprecedented investments that make us think about the sustainability challenges of open source. To try to make sense of all the news from the past few weeks, I published a video where I talk about these challenges.

This document accompanies the video and includes not only the sources for the stories in the video but many other links of interest. The goal of this compilation is to let Spanish-speaking open source activists connect with the conversation. Ideas? Comments? I'm on Twitter: @bureado.

In English: this is a write-up on open source sustainability that I developed in early 2019 for Spanish-speaking audiences. All the sources are in English (which is exactly the problem I was trying to solve) and if you're looking for a broader "what happen

@bureado
bureado / linux-postmodern-packaging-edyo.md
Created Dec 23, 2018
Summary of the survey on the future of package systems in Linux (Entre Dev y Ops)
View linux-postmodern-packaging-edyo.md

Thanks to the Entre Dev y Ops community for participating in this informal study (n=18) on the future of package systems in Linux. These are some of the conclusions:

  • APT prevails as the preferred package system in this sample (56%), and although RPM is present, it is important to highlight that about a quarter of the responses identify with neither APT nor RPM, or use another system
  • Beyond being closely tied to each organization's "standard distro", the package system does not seem to determine other areas of IT spending, except perhaps as a factor in the choice of automation systems in the case of ISVs.
  • Practically the whole sample uses repositories in addition to the official ones, and has to deal with other package systems such as Docker Hub/Store, PyPI, NPM/YARN, Maven or Helm (in that order of popularity)
  • It is interesting to note that most of the people who responded maintain custom packages, and
@bureado
bureado / packaging-resources.md
Created Jun 21, 2018
Post-modern Linux packaging: additional reading
View packaging-resources.md

Post-modern Linux packaging: additional reading

Summary

This document compiles 2018 coverage around post-modern packaging technologies for Linux, including packaging formats like Snaps and Flatpaks, systems like Nix and Guix and full distros such as Atomic or Clear Linux.

This curation and commentary are current as of 18 June 2018. The curation was prepared by José Miguel Parrella (@bureado) as part of his session at Open Source Summit Japan: Package Management and Distribution in a Cloud World.

We compile these resources in an effort to provide individual developers and organizations with current coverage on the state-of-the-art and motivations of the current post-modern packaging landscape with the intention to increase readiness in experimenting with, evaluating and potentially adopting said technologies.