<p>I think the <a href="https://cosocial.ca/tags/xz" class="mention hashtag" rel="tag">#<span>xz</span></a> incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale. </p><p>So, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: <a href="https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">tbray.org/ongoing/When/202x/20</span><span class="invisible">24/04/01/OSQI</span></a></p>