security

On September 23, 2025, several open-source organizations published the open letter »Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship«. The message is that public software infrastructure is fundamental to the digital economy, but it is not free. What’s at stake Public package registries like Maven Central, PyPI, crates.io, or Packagist underpin the software supply chains Running them requires people, hosting, and security — costs that have so far often been borne by a few organizations or volunteers Expectations are rising, for example around availability, signing, compliance, and protection against abuse What’s being called for are models where large users contribute more, without restricting openness I can empathize with the pain described and at the same time see the dilemma. Those who invest time or money take on responsibility, but by doing so also put themselves at a competitive disadvantage compared with those who use everything for free. That’s manageable for large companies, but barely feasible for small firms in fierce competition. Still, it remains indisputable that the infrastructure — and the ecosystem — will not be sustainable in the long run without contributions. ...

GitHub has come out in favor of a Sovereign Tech Fund. Such a funding model is also used by the Sovereign Tech Agency. Felix Reda writes in »We need a European Sovereign Tech Fund« on github.blog: There is a profound mismatch between the importance of open source maintenance and the public attention it receives. The demand-side value of open source software to the global economy is estimated at $8.8 trillion, and the European Commission’s own research shows that OSS contributes a minimum of €65-95 billion to the EU economy annually. Basic open source technologies, such as libraries, programming languages, or software development tools, are used in all sectors of the economy, society, and public administrations. ...

Ellen Nakashima, Yvonne Wingett Sanchez and Joseph Menn write in »Global hack on Microsoft product hits U.S., state agencies, researchers say« for washingtonpost.com What’s also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched. Once again, a security vulnerability in Microsoft’s software was exploited. And of course: no system is completely secure. But when almost everyone uses the same software, a single flaw becomes a widespread risk. That’s exactly the case with Microsoft Office, SharePoint, or Windows. ...

The European Commission wants to gradually shift its cloud services from Microsoft Azure to European providers like OVH Cloud to bolster its digital sovereignty. Details are in the article, unfortunately behind a paywall. Commission eyes ditching Microsoft Azure for France’s OVHcloud over digital sovereignty fears The text was automatically translated from German into English. The German quotations were also translated in sense. ...

If macOS’s built-in window-management features aren’t enough, MacsyZones offers a promising alternative. This open-source window manager lets you organize windows much like on Windows, but with extended customization options. The source code is available at öffentlich zugänglich, and the software can be purchased to support further development. The text was automatically translated from German into English. The German quotations were also translated in sense.