Newsletter: xz Incident, Hiring, Investments in PHP, GNOME, and Mamba
By Powen Shiah
In Newsletter
Email newsletter on 25 April 2024: xz incident & structural challenges – Hiring an administrative managing director – New investments & bug bounty programs launched
This month, we at the Sovereign Tech Fund would like to share our reaction to the xz incident and highlight an important new position we’re hiring for. Learn about the new open source infrastructure technologies that the Sovereign Tech Fund has commissioned work on.
Thank you to everyone who filled out our survey for open source maintainers to collect input for a fellowship pilot program. As we analyze the responses, we’ll be sharing findings and what we’re learning.
If you’d like to find out about these updates as they happen, you can find the Sovereign Tech Fund on Mastodon, LinkedIn, Twitter, and Bluesky.
xz incident shows the need for structural change
At Sovereign Tech Fund, we have been following the xz incident closely and listening to the many voices in the FOSS maintainer community. What's clear to us is that the xz incident shows the need for structural change:
Jobs @ STF
We’re looking for a new leader to join our team and help build the agency for open digital infrastructure! As part of STF becoming its own organization, STF and SPRIND are hiring:
If you know people who might be interested, please share this position with them. Applications for the Administrative Managing Director will be accepted through 15 May 2024, and we will post all new positions on our jobs page.
New Investments
We’re excited to be working with these maintainers and FOSS communities, and to support the software that forms the foundation of our shared digital infrastructure.
Bug Bounty Programs Launched
A major milestone for the Bug Resilience Program: we have publicly launched the first bug bounty programs for Sequoia PGP and systemd. We call on all security researchers to roll up their sleeves, to read the scope of the programs carefully, and to help make our core digital infrastructure more secure by reporting any qualifying vulnerabilities they find, in exchange for a reward.
For each responsibly reported and fixed vulnerability, STF also offers a “fix” bounty to participating projects.
More bug bounty programs are coming online in the upcoming weeks, so keep an eye on our channels and keep looking for those vulnerabilities.
STF out and about
The STF team raises awareness about how important open source digital technologies are. Here are some opportunities we’ve had to talk about STF’s mission and how we’re implementing it.
- Adriana Groh spoke with the UK’s innovation agency for social good, Nesta: video in English
- Fiona Krakenbürger was interviewed on Lage der Nation: podcast in German
- Mirko Swillus was at Open Source Summit North America in Seattle, USA
- Adriana Groh was on a panel at Hertie School’s Centre for Digital Governance: “Getting things done in digital policy”
- On 29-30 April 2024, Tara Tarakiyee will be representing us at NETmundial+10 in São Paulo, Brazil
- On 4-5 May 2024, Paul Sharratt and Powen Shiah will be speaking at the g0v summit in Taipei, Taiwan
- On 14 May 2024, Mirko Swillus will be at the Sovereign Cloud Stack Summit in Berlin, Germany.
Updates from the Projects & Technologies
The projects and technologies in which STF invests sometimes share updates about the work they’re accomplishing with our support. Hear from the FOSS maintainers and communities directly:
- curl: https://daniel.haxx.se/blog/2024/03/20/curl-turns-26-today/
- Fortran: https://fortran-lang.discourse.group/t/fortran-standard-library-release-v0-5-0/7827
- GNOME: https://thisweek.gnome.org/posts/2024/04/twig-144/
- Logback:
- Prossimo:
- Python Package Index: https://blog.pypi.org/posts/2024-04-17-expanding-trusted-publisher-support/
- Reproducible Builds:
- RubyGems: https://blog.rubygems.org/2024/04/12/march-rubygems-updates.html
- Sequoia PGP:
- Yocto: