Tidelift ✨

Tidelift_Staff for Tidelift

Oops! I'm part of a supply chain.

As more organizations use more open source, we’ve begun to hear a phrase more and more over the past year: “the open source software supply chain.”

If you work for a large organization, the term “supply chain” is familiar, and it makes sense that you’d think of externally sourced open source components as “supply” produced by open source maintainer “suppliers.”

But in our experience, open source maintainers don’t think like that. In many cases they never signed up to be a supplier, at least in the traditional sense of producing something of value and getting paid for it (see this blog post entitled “I am not a supplier” for one example). Under most open source software licenses, the code is available to use freely, with few restrictions, but also with “no warranty.”

So if you are an open source maintainer who has accidentally found yourself part of a “software supply chain,” or you are building applications with open source and want to better understand how open source software both is AND isn’t a supply chain, this post is for you!

Read more on our blog.
