<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@dymaxion" class="u-url mention">@<span>dymaxion</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@Di4na" class="u-url mention">@<span>Di4na</span></a></span> Right, but, then, I think we are maybe discussing two different things? Most OSS devs are not concerned by supply chain security; it's delusional IMHO to try to move the Overton window on this matter, at this point in time.</p><p>Commercial interests are in the range of the CRA and we will see how it translates into benefits for the overworked, burned-out OSS maintainers in the community.</p><p>Whether the signal is positive/negative shall guide where the Overton window moves?</p>