<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> The thing that irks me about the whole OSS supply chain discussion is that software companies seem to want a similar amount of security and responsibility, but don’t want to pay for it. OSS software is delivered for free and as-is, and to me that seems incompatible with providing these assurances.</p>