A recent grumble about PGP signatures on PyPI has quickly led to PyPI dropping support for PGP. While I agree that there are major issues with PGP, I don't agree that its use in PyPI is "worse than useless" and I'm disappointed to see support dropped before a replacement has been deployed. Sigstore seems to be a promising replacement, but I think further work is needed before this can become a key pillar for securing the open source ecosystem.
I realised recently that I have now been involved in OpenEmbedded and the Yocto Project for over a decade! I thought I'd take the opportunity to look back at how I first got involved with the project and my early contributions.
Photos taken at Attenborough Nature Reserve, Nottingham, UK, in the month of April 2023.
I've recently made a couple of changes to my development environments. As I've been configuring these environments, I've taken the opportunity to extend the lifetimes of my PGP keys (as they were nearing expiry) and generate new SSH keys.
Inspired by Cory Doctorow, I've been thinking about the IndieWeb idea of POSSE (Publish on your Own Site, Syndicate Elsewhere) and how to extend the reach of my blog posts. So I'm trying something new and syndicating blog posts to dev.to, a mid-sized social media site for software developers.
For my photography and writing I'm now using the Creative Commons Attribution-NonCommercial 4.0 (CC-BY-NC 4.0) license. I'll continue to release software under open source licenses.
I'm happy to announce that version 0.2.0 of mirrorshades, a tool for mirroring data from remote sources, has been released.
meta-linux-mainline is a Yocto Project layer I created in May 2020 when I needed to test a few hardware boards with unpatched, upstream kernel sources. The project has undergone a few changes recently so now is a good time to give an updated overview of how the layer works and when you might want to use it.