We have a scanner that does that on every build.
It blocks builds for dependencies with
- licenses not acceptable to Legal
- serious or critical vulnerabilities.
- political messages, even if you agree with them
- we may also add a criteria to block non-release dependencies.
As a developer, you’re free to use anything that works
I have yet to figure out how my company views contributing back to open source. I don’t know of anyone actively doing that, but it turns out we host a few originals of open source. I’ve been trying to improve development processes, get tools and dependencies up to date …… but then I ran into things where it’s a bigger change because of the downstream opensource dependencies and because it’s not really owned by the company
Glory Hole
Raspberry Pi OS is sticking your hardware through a small hole into what a full Linux distribution would feel like, given sufficient imagination