This Week in OSS #4 (TwOSS)

A weekly roundup of what's going on in the Open Source Community. You can subscribe and get this post in your inbox every week here.


Acquisitions continue:
Microsoft buys Citus Data, a PostgreSQL database provider. Citus started off as a fork, but now works with native Postgres through an upstream low level extensions framework. Link

TravisCI was acquired by a private equity firm. Most likely bought because it has a reliable cash flow and opportunities for restructuring. This meshes with what I've experienced firsthand - a fairly mature product that doesn't require much upkeep or innovation, but it ubiquitously used. Link

MITM (man-in-the-middle) Remote code execution found in apt/apt-get. Should have seen this coming from last week's "Why APT doesn't use HTTPS" article. Link


"Our Software Dependency Problem" by Russ Cox. Today's ecosystem of programming is fundamentally built on sharing code, however we haven't looked critically at the trust model or a sustainable solution. Very important stuff. Link

"It's time to move on from the two-phase commit" Link

Yarn's 2019 Roadmap Link


I'll just note here that most of the trending repositories on GitHub this week don't contain any code. They are lists of resources, or markdown files. I'm not sure what that means, but it is a shift that is worth paying attention to. Link


Google is donating an extra $3.1 million to Wikipedia. That brings their donations to over $7.5 million over the last decade. Link

As always, you can view last week's news in OSS here. You can find all TwOSS newsletters here.