From b08fb067d7322b479948c26a586d93224b6f7151 Mon Sep 17 00:00:00 2001
From: Max Mehl
Date: Fri, 21 Mar 2025 14:25:14 +0100
Subject: [PATCH] draft for open source risks article
---
 .gitmodules | 3 +++
 config.toml | 2 +-
 content/blog/2024-03-open-source-risks.md | 15 +++++++++++++++
 themes/hugo-admonitions | 1 +
 4 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 content/blog/2024-03-open-source-risks.md
 create mode 160000 themes/hugo-admonitions
diff --git a/.gitmodules b/.gitmodules
index a3374fd..1855909 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -7,3 +7,6 @@
 [submodule "themes/hugo-mastodon-comments"]
 path = themes/hugo-mastodon-comments
 url = https://src.mehl.mx/mxmehl/hugo-mastodon-comments
+[submodule "themes/hugo-admonitions"]
+ path = themes/hugo-admonitions
+ url = https://github.com/KKKZOZ/hugo-admonitions.git
diff --git a/config.toml b/config.toml
index 19d5ab7..e1d116c 100755
--- a/config.toml
+++ b/config.toml
@@ -1,7 +1,7 @@
 baseurl = "https://mehl.mx/"
 languageCode = "en-GB"
 title = "Max Mehl"
-theme = [ "hugo-sustain", "hugo-cloak-email", "hugo-mastodon-comments", "hugo-snap-gallery" ]
+theme = [ "hugo-sustain", "hugo-cloak-email", "hugo-mastodon-comments", "hugo-snap-gallery", "hugo-admonitions" ]
 [markup.highlight]
 codeFences = true
diff --git a/content/blog/2024-03-open-source-risks.md b/content/blog/2024-03-open-source-risks.md
new file mode 100644
index 0000000..335dade
--- /dev/null
+++ b/content/blog/2024-03-open-source-risks.md
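Review bot: The new `themes/hugo-admonitions` entry in .gitmodules pulls a theme from a third-party GitHub account, while the one neighbouring submodule visible in this hunk is served from the site's own forge (src.mehl.mx). A Hugo theme contributes templates and assets that end up in the published site, so the pinned commit 07f3001 is worth reading through before the theme is enabled in config.toml, and later bumps should be reviewed as dependency updates rather than picked up by a routine `git submodule update --remote`. If hosting the other themes on src.mehl.mx is deliberate (not visible from here), mirroring this one there too would keep the build independent of the upstream repository staying available and unchanged. A comment above the entry such as `# third-party theme, pinned by gitlink; review upstream diff before bumping` would record that expectation.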
@@ -0,0 +1,15 @@
+---
+title: "Managing Risks in Open Source without Ignorance and Fear"
+date: 2025-03-24
+categories:
+ - english
+tags:
+ - ospo
+headerimage: /blog/file-cabinet.jpg
+headercredits: Neatly organise your records
+---
+
+Historically, a lot of effort in the sphere of Open Source Program Offices has been spent on two things: getting accurate data about the exact usage and metadata of third-party Open Source projects and getting data about risks attached to it. Today, the barrier of creating proper SBOMs has become somewhat low and there are countless metrics that point to potential issues, and what we see is quite frustrating: a huge pile of measured problems which are hard to impossible to fix in practice. Let's explore some actionable options.
+
+> [!INFO]
+> Warning: This operation will delete all data.
diff --git a/themes/hugo-admonitions b/themes/hugo-admonitions
new file mode 160000
index 0000000..07f3001
--- /dev/null
+++ b/themes/hugo-admonitions
@@ -0,0 +1 @@
+Subproject commit 07f3001d9df9db62a722a89d3ce6f2c5bb5f7651
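Review bot: The front matter of content/blog/2024-03-open-source-risks.md has no `draft: true`, although the commit subject calls this a draft; with `date: 2025-03-24` a default Hugo build would start publishing the page on the first run after that date. That would include the placeholder admonition `> Warning: This operation will delete all data.` at the end of the hunk. Adding `draft: true` below the `date:` line keeps the post out of production builds until the text is final. The file name says 2024-03 while the date says 2025-03, and `headerimage`/`headercredits` look carried over from another post (inferred from the caption), so both are worth confirming.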