this post was submitted on 28 Aug 2024
804 points (97.9% liked)

linuxmemes

21225 readers
111 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] peopleproblems@lemmy.world 11 points 2 months ago (1 children)

    Something I don't get paid enough to understand - what constitutes contributions, and what's the definition of selling the software?

    For instance, I don't think I've worked on a project where we have made changes to the source code for security policies (much quicker path to update immediately if something gets flagged). But I don't think I know of an instance where we sell our software as a service - as far as I know it's largely used to support other services we sell.

    Except now that I say that, that's not entirely true, we DO have a review board that we have to submit every third party library to and it takes forever to hear back but we have occasionally gotten a "no can't use that" or "contract is pending." So maybe I'm just super unaware of who reviews the third party software and they review the licenses.

    [–] AA5B@lemmy.world 7 points 2 months ago* (last edited 2 months ago)

    We have a scanner that does that on every build.

    It blocks builds for dependencies with

    • licenses not acceptable to Legal
    • serious or critical vulnerabilities.
    • political messages, even if you agree with them
    • we may also add a criteria to block non-release dependencies.

    As a developer, you’re free to use anything that works

    I have yet to figure out how my company views contributing back to open source. I don’t know of anyone actively doing that, but it turns out we host a few originals of open source. I’ve been trying to improve development processes, get tools and dependencies up to date ….. but then I ran into things where it’s a bigger change because of the downstream opensource dependencies and because it’s not really owned by the company