Afaik becoming a CNA will allow you to prevent such CVEs in the first place.
10.05.2025 18:04

@florian.apolloner.eu
Dabbling in many things. Mostly Ops and Python stuff.
So basically a "get or create"? Haki has a great article about the ups and downs of the individual approaches: hakibenita.com/postgresql-g...
10.05.2025 17:59

@brongondwana.bsky.social / @fastmail.com Hi, since today (?) I am seeing avatar icons for some automated mails from domains that don't have BIMI etc. set. How/where from does Fastmail source the avatar icons? Favicon from the TLD?
02.04.2025 07:51

Ep177: Sticking with Django w/ Florian Apolloner
@florian.apolloner.eu is a long-time Django contributor who previously served on the Steering Council and Security Team. We discuss changes to Django, switching to `uv`, and drawing inspiration from other frameworks. djangochat.com/episodes/sti...

Certainly "as we know it". I am so sorry, I just couldn't resist.
09.12.2024 16:54

Thanks, that brings me to my next question: would you recommend NATS, or rather not use it again (independent of Channels)? It looks really great, but I don't have any experience with it yet.
25.11.2024 06:21

@carltongibson.bsky.social @aeracode.org Did either of you ever try writing a channel layer for NATS?
24.11.2024 21:14

I wonder why that often happens? I think Kubernetes really seems off-putting at first due to the sheer size. Docker Swarm and Hashicorp Nomad seem so much simpler in comparison (but also offer less, I guess).
24.11.2024 16:05

I nearly spilled my coffee. Funny enough, we are just working out a plan to start using k8s. I think I still hate it, but one cannot deny the benefits.
24.11.2024 15:43

No argument on cibuildwheel, which is why I was explicitly asking about stage 1 -- i.e. source bundling. downloadLocation might indeed be an answer, but most likely means using all the security analysis you'd get otherwise.
22.11.2024 21:39

And while I agree that a name & version is better than nothing, it is pretty much close to nothing imo. Maybe it helps someone looking at the SBOM manually, but I do not have the feeling that it will help any software using that SBOM.
22.11.2024 20:39

But do Package URLs actually work? I mean, if I embed libpq, what would be the correct purl for it -- there doesn't seem to be a scheme for the actual source without having a repository (might miss something). I am trying to use purls over CPE where possible due to all the false positives with CPEs :/
22.11.2024 20:38

Nice post, some questions though. Stage 1: what are suitable identifiers for bundled software (purl/packageUrl)? Stage 2: Even without extra dependencies like Maturin etc., shouldn't the build backend inject itself as well?
22.11.2024 20:13

Uff, can't wait to read that. Will it have tooling advice as well? All the generators I tried till now seem to have issues one way or the other. So I am kinda afraid of even trying to merge SBOMs.
22.11.2024 06:34