Destination: Brussels – Navigating the Open-Source Waters


In this newsletter all of our open-source efforts are headed for Brussels. The European Commission received our feedback on the proposed Cyber Resilience Act and we'll be presenting on these efforts at FOSDEM, the Brussels-based event centered on free and open-source software development. While we're there, we'll also head for the DNS devroom to cover some technical topics.

💬 In this issue:

  • An Update on the Cyber Resilience Act: We submitted feedback to the EU and will participate in a panel at FOSDEM.
  • Trust Anchor Support for Krill: It can now run as the Certification Authority for each of the five RIRs.
  • Packaging Rust Projects with Ploutos: A reusable workflow to provide Debian and RPM packages, as well as Docker images.
  • From the News Desk: Short updates on our activities and adventures.

🛡️ An Update on the Cyber Resilience Act

A lot has happened since Maarten wrote his blog post voicing our concerns about the effects of the proposed Cyber Resilience Act (CRA) on the open-source ecosystem. The article has had a huge amount of traffic, amassing over 20,000 page views. It has also featured in mainstream media and drew responses from the open-source community. It also sparked several initiatives we'd like to tell you about.

We've collaborated with ISC, CZ.NIC and NetDEF to submit feedback to the European Commission, voicing our concerns and providing recommendations.

Proving compliance for our processes of secure development diverts resources from a practice we have run for decades and are fully self-motivated and incentivised to perform and perfect.

We are also involved in bringing the Cyber Resilience Act to FOSDEM, the Free and Open source Software Developers' European Meeting held every year in Brussels, Belgium. In the main track on Saturday there will be a session titled "How regulating software for the European market could impact FOSS".

It starts with an introductory lightning talk by the European Commission introducing the audience to the proposals for a CRA. In a second talk, Maarten will share NLnet Labs' perspective on the CRA. The third lightning talk by the European Commission will introduce the proposal for a new Product Liability Directive, a topic that thus far has received very little attention within FOSS circles. The lightning talks are then followed by a panel led by Red Hat's Romuald (Rom) Vandepoel with participation from trade association Digital Europe, the European Commission's Open Source Programme Office, Red Hat and NLnet Labs.

⚓️ Trust Anchor Support for Krill

Krill can now be set up to operate an RPKI Trust Anchor (TA). An RPKI TA serves as an entry point for RPKI validators. There are currently five globally used TAs operated by the five RIRs, where each RIR is responsible for IPv4, IPv6 and AS number resources that are allocated to them by IANA. This means each of the five RIRs now has the option to use Krill as their RPKI Certification Authority solution.

In the meantime, our friends at Tweede golf have reimplemented the user interface for Krill, porting it from Vue.js to React. The new UI is one tenth of the original size (!), much easier to maintain and offers a great platform for further expansion of the capabilities. While we're busy deploying the UI in a Krill release, Tweede golf is now hard at work to give Krill true High Availability support with multiple nodes.

📦 Packaging Rust Projects with Ploutos

If you develop Rust projects and you would like to provide Debian and RPM packages as well as Docker images for your users, then we have just the thing for you. Born out of our own requirements, Ximon has built Ploutos, a reusable packaging workflow.

Ploutos simplifies the creation of Debian, RPM and Docker packages for your Rust projects. You can call it in your project's workflow by using GitHub's reusable workflow feature. By reusing Ploutos, you can focus on the packaging specifics that matter for your project, instead of duplicating the foundation in every project.

Keep in mind that we primarily built Ploutos to cater for our own use cases. As such, not all behaviours are yet (fully) configurable. With time, sufficient interest and resources permitting, these limitations can in principle be removed. Please check the GitHub project for a list of open issues and ideas for improvement, and to submit your own.

For more information, read the Ploutos user guide or watch Ximon's presentation at the Rust meetup we organised recently.

🗞 From the News Desk

  • The CRA is not the only topic we're covering at FOSDEM. In the DNS devroom Philip will be presenting on Connectbyname and the Proxy Control option and Jeroen will present his work on a new, super-fast zone parser.
  • January has been a bug fix month, with minor releases of Unbound, Routinator and Krill to fix some issues found along the way. Make sure you read the release notes and update to stay safe.
  • The NLnet Foundation is funding our planned implementation of BGPsec in Rust and its integration into Rotonda, as well as improvements to Krill's BGP integration.
  • Sunet, the Swedish University Computer Network, is funding the development of PROXYv2 support in our authoritative nameserver NSD.
  • We have published a guide to running Krill and hosting your ROAs in RIPE NCC's Publication as a Service.
  • With 6,610 lines added and 8,151 removed, the Great octseq Conversion by Martin comes to an end. Our domain crate now fully relies on Generic Associated Types (GATs), paving the way for awesomeness ahead.
  • Want to set the Redis password in Unbound? Now you can.

Until next time!

💚 Love from the NLnet Labs crew