feat: add mastodon link

Reviewed-on: #16

.gitea/workflows/hugo.yaml

@@ -33,6 +33,12 @@ jobs:
           submodules: recursive # Get submdules
           fetch-depth: 1 # Fetch all history for .GitInfo and .Lastmod
 
+      - name: Setup required tools (Hugo)
+        uses: https://github.com/jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
+        with:
+          cache: false # no cache on gitea
+          github_token: ${{ secrets.GH_TOKEN }}
+
       - name: Create configuration for Matomo
         run: |
           cp themes/hugo-sustain/static/config.php.sample static/config.php
@@ -40,17 +46,19 @@ jobs:
           sed -i "s|__PROXY_URL__|${{ secrets.MATOMO_PROXY_URL }}|" static/config.php
           sed -i "s|__TOKEN_AUTH__|${{ secrets.MATOMO_TOKEN_AUTH }}|" static/config.php
 
-      - name: Setup Hugo
-        uses: https://github.com/peaceiris/actions-hugo@v3.0.0
-        with:
-          hugo-version: "0.155.3"
-          extended: true
+      - name: Check for broken links
+        run: |
+          if [ "${{ gitea.ref }}" = "refs/heads/main" ]; then
+            mise linkcheck --offline || true
+          else
+            mise linkcheck --offline
+          fi
 
       - name: Build website with Hugo
-        run: hugo
+        run: mise run build
 
       - name: Copy website to host
-        uses: https://github.com/appleboy/scp-action@v1.0.0
+        uses: https://github.com/appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0
         with:
           host: mehl.mx
           username: maxmehl

config.toml

@@ -12,12 +12,14 @@ summaryLength = 50
   leftDoubleQuote = '“'
   rightDoubleQuote = '”'
 
+[markup.goldmark.renderHooks.link]
+  useEmbedded = "fallback"
+
 [permalinks]
   blog = "/blog/:year/:slug"
 
 [params]
   avatar = "profile.png"
-  author = "Max Mehl"
   description = "Open Source expert with background in tech and policy. Focused on strategy, governance, and software supply chains. Building sustainable digital environments."
   keywords = "open source, free software, Deutsche Bahn, DB Systel, FSFE, management, campaign, communication, strategy, konstanz, berlin, munster, IT service, politics, administration, scouts, founder"
 
@@ -25,6 +27,9 @@ summaryLength = 50
   custom_css = ["comments/mastodon-comments.css"]
   custom_js  = ["comments/getcomments.js"]
 
+[params.author]
+  name = "Max Mehl"
+
 [params.social]
   Github        = "mxmehl"
   Git           = "https://src.mehl.mx/mxmehl"

content/blog/2015-01-next-station-tanzania.md

@@ -53,4 +53,4 @@ Any further questions? Do not hesitate [to ask me][3]!
 
  [1]: /2015/naechste-station-tansania
  [2]: /uploads/tanzania-map.png
- [3]: //max.mehl.mx/contact
+ [3]: /contact

content/blog/2026-01-fosdem-supply-chain-strategy/index.md

@@ -19,6 +19,7 @@ slides: https://fosdem.org/2026/events/attachments/ZSWH3N-deutsche-bahn-supply-c
 event:
   name: FOSDEM 2026
   href: https://fosdem.org/2026/schedule/event/ZSWH3N-deutsche-bahn-supply-chain-cra-strategy/
+mastodon_toot_url: "https://mastodon.social/@mxmehl/116160561981890042"
 ---
 
 At FOSDEM 2026, I presented Deutsche Bahn's software supply chain strategy in the context of the EU Cyber Resilience Act (CRA), but made clear from the start that CRA was the context, not the trigger. We didn't adopt SBOMs because of regulation – regulation validated the direction we were already taking based on operational needs. The presentation positioned our work at the intersection of CRA compliance requirements, IT operation best practices, and the practical realities of running IT infrastructure for an organization with 220,000+ employees, 7,000+ IT applications, and 100,000+ Open Source components.

content/blog/2026-02-fosdem-sbom-collection/index.md

@@ -19,6 +19,7 @@ slides: https://fosdem.org/2026/events/attachments/7EYTRJ-deutsche-bahn-large-sc
 event:
   name: FOSDEM 2026
   href: https://fosdem.org/2026/schedule/event/7EYTRJ-deutsche-bahn-large-scale-sbom-approach/
+mastodon_toot_url: "https://mastodon.social/@mxmehl/116160570821178215"
 ---
 
 At FOSDEM 2026, I presented Deutsche Bahn's journey from operational need to concrete implementation of large-scale SBOM collection and use. The scale is staggering: approximately 500,000 SBOMs across our software supply chain expected, covering 7,000+ IT applications, 100,000+ Open Source components, and diverse sourcing streams from software we build ourselves to what we buy and operate. The talk focused on how we moved from understanding that "we need to know, in real-time, which exact component is used where and how" to actually making this happen in an organization with 220,000+ employees and hundreds of subsidiaries.

content/blog/2026-03-foss-backstage-getting-real-supply-chain/index.md

@@ -0,0 +1,30 @@
+---
+title: "Getting Real with the Supply Chain: From SBOM Data to Action"
+date: 2026-03-17
+categories:
+  # Language
+  - english
+  # - deutsch
+  - presentation
+  # - podcast
+  # - article
+tags:
+  - OSPO
+  - SupplyChain
+  - DeutscheBahn
+headerimage:
+  src: max-cornelius-stage.jpg
+  alt: Cornelius Schumacher and Max Mehl giving the presentation at FOSS Backstage 2026. It's a total view of the auditorium from the back, with the two speakers on stage and the final slide in the background.
+# summary: Visible on the listing page, but not on the article page
+video: https://www.youtube.com/watch?v=M8wYRRCWaQU
+slides: https://up.mehl.mx/slides/2026-03-17-foss-backstage-supply-chain.pdf
+event:
+  name: FOSS Backstage 2026
+  href: https://26.foss-backstage.de/session/getting-real-with-the-supply-chain-from-sbom-data-to-action/
+---
+
+At DB, we handle 100,000+ SBOMs per day. For our small, virtual Open Source Program Office (OSPO), the challenge is not to get lost in the data, but to cut through the jungle and identify real risks. Together with my OSPO colleague Cornelius Schumacher, I presented this challenge at the FOSS Backstage conference in Berlin. We explained how we gather data, generate insights, and take action.
+
+This talk was partly inspired by my earlier FOSDEM talks ([here](/blog/2026-01-fosdem-supply-chain-strategy) and [there](/blog/2026-02-fosdem-sbom-collection)), where I focused on DB's SBOM program and its tools. In this presentation, however, we highlighted what can be learned from it for professional Open Source management.
+
+One topic stood out throughout the presentation: the need for an OSPO to balance between people, value, and risk. None of these should dominate, even though governance functions often tend to focus on risk. Instead, Cornelius and I advocated for a risk-based approach to managing Open Source.

content/blog/2026-03-gnulinux-podcast-lieferketten-deutsche-bahn/index.md

@@ -0,0 +1,28 @@
+---
+title: "Software-Lieferketten bei der Deutschen Bahn"
+date: 2026-03-25
+categories:
+  - deutsch
+  - podcast
+tags:
+  - Community
+  - DeutscheBahn
+  - SupplyChain
+summary: Ich wurde mal wieder von Ralf Hersel zum “Captain it’s Wednesday” Podcast von GNU/Linux.ch eingeladen, um über Software-Lieferketten bei der Deutschen Bahn zu sprechen. Anlass waren meine jüngsten Vorträge auf der FOSS Backstage und der FOSDEM, in denen ich über die Herausforderungen und Chancen von Software-Lieferketten bei der DB gesprochen habe.
+headerimage:
+  src: ciw.jpg
+  alt: The famous "Captain it's Wednesday" comic
+  processes:
+    - fill 1000x440 center webp
+audio: https://gnulinux.ch/podcast/CIW175.mp3
+event:
+  name: Captain it's Wednesday Podcast
+  href: https://gnulinux.ch/ciw175-podcast
+mastodon_toot_url: https://mastodon.social/@mxmehl/116318946107759692
+---
+
+Ich wurde mal wieder von Ralf Hersel zum "Captain it's Wednesday" Podcast von GNU/Linux.ch eingeladen, um über Software-Lieferketten bei der Deutschen Bahn zu sprechen. Anlass waren meine jüngsten Vorträge auf der [FOSS Backstage](/blog/2026-03-foss-backstage-getting-real-supply-chain) und der [FOSDEM](/blog/2026-01-fosdem-supply-chain-strategy), in denen ich über die Herausforderungen und Chancen von Software-Lieferketten bei der DB gesprochen habe.
+
+Mit Ralf habe ich mal ganz vorne angefangen: was ist eine Software-Lieferkette überhaupt, warum ist sie wichtig, und wie sieht sie bei einem großen Unternehmen wie der Deutschen Bahn aus, und was haben diese SBOMs damit zu tun? Wir haben über die enormen Mengen an Software-Komponenten gesprochen, die täglich bei der DB verarbeitet werden, und wie wir versuchen, den Überblick zu behalten und Risiken zu managen. Dabei ging es auch um die Rolle von Freier und Open Source in der Lieferkette und wie wir dabei mit der Community zusammenarbeiten.
+
+Nach exakt 37 Minuten war das Gespräch auch schon wieder vorbei und natürlich konnten wir nicht in jedes Detail eintauchen. Aber ich hoffe, es war dennoch ein interessanter Einblick für die Zuhörenden.

mise.toml

@@ -0,0 +1,33 @@
+[tools]
+hugo-extended = "0.159.1"
+lychee = "latest"
+
+[vars]
+build_dir = "public"
+
+[tasks.cleanup]
+description = "Clean up the build destination directory"
+run = "rm -r {{vars.build_dir}} || true"
+
+[tasks.build]
+depends = ["cleanup"]
+description = "Build the static site using Hugo"
+run = "hugo -d {{vars.build_dir}}"
+
+[tasks.preview]
+depends = ["cleanup"]
+description = "Preview the site locally using Hugo's built-in server"
+run = "hugo server"
+
+[tasks.linkcheck]
+depends = ["build"]
+description = "Check for broken links using lychee"
+run = '''
+lychee \
+  --max-concurrency 5 --cache --max-cache-age 1h \
+  --index-files 'index.html' \
+  --root-dir {{vars.build_dir}}/ \
+  -u 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Apple WebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36' \
+  --exclude 'glyphicons-halflings-regular\.(eot|woff|woff2|ttf|svg)' \
+  {{vars.build_dir}}/
+'''

themes/hugo-sustain/assets/scss/default.scss

@@ -363,6 +363,13 @@ div.contact p {
       margin-top: 0;
     }
   }
+  // First and last card in the list have different border radius
+  .row:first-child .card {
+    border-radius: 1rem 1rem 0 1rem;
+  }
+  .row:last-child .card {
+    border-radius: 0 1rem 1rem 1rem;
+  }
 }
 
 /* Helpers */

themes/hugo-sustain/layouts/_default/list.html

@@ -65,7 +65,9 @@
           </div>
           <div class="col-xs-9 col-md-10">
             {{ if $selection }}
-              <span class="article-rss"><a class="label label-rss" href="/{{ .Data.Plural }}/{{lower .Title}}/index.xml" title="RSS Feed"><i class="fa fa-rss" aria-hidden="true"></i> Subscribe to »{{.Title}}«</a></span>
+              {{- with .OutputFormats.Get "RSS" -}}
+                <span class="article-rss"><a class="label label-rss" href="{{ .Permalink }}" title="RSS Feed"><i class="fa fa-rss" aria-hidden="true"></i> Subscribe to »{{ $.Title }}«</a></span>
+              {{- end -}}
             {{ else }}
               <span class="article-rss"><a class="label label-rss" href="/blog/index.xml" title="RSS Feed"><i class="fa fa-rss" aria-hidden="true"></i>  Subscribe to all posts</a></span>
             {{ end }}

themes/hugo-sustain/layouts/_default/rss.xml

@@ -1,28 +1,70 @@
-{{ printf "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\" ?>" | safeHTML }}
+{{- $authorEmail := "" }}
+{{- with site.Params.author }}
+  {{- if reflect.IsMap . }}
+    {{- with .email }}
+      {{- $authorEmail = . }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- $authorName := "" }}
+{{- with site.Params.author }}
+  {{- if reflect.IsMap . }}
+    {{- with .name }}
+      {{- $authorName = . }}
+    {{- end }}
+  {{- else }}
+    {{- $authorName  = . }}
+  {{- end }}
+{{- end }}
+
+{{- $pctx := . }}
+{{- if .IsHome }}{{ $pctx = .Site }}{{ end }}
+{{- $pages := slice }}
+{{- if or $.IsHome $.IsSection }}
+{{- $pages = $pctx.RegularPages }}
+{{- else }}
+{{- $pages = $pctx.Pages }}
+{{- end }}
+{{- $limit := .Site.Config.Services.RSS.Limit }}
+{{- if ge $limit 1 }}
+{{- $pages = $pages | first $limit }}
+{{- end }}
+{{- printf "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\" ?>" | safeHTML }}
 <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
   <channel>
     <title>{{ if eq  .Title  .Site.Title }}{{ .Site.Title }}{{ else }}{{ .Site.Title }}{{ with .Title }} ({{.|humanize}}){{ end }}{{ end }}</title>
     <link>{{ .Permalink }}</link>
     <description>Recent content {{ if ne  .Title  .Site.Title }}{{ with .Title }}in {{.}} {{ end }}{{ end }}on {{ .Site.Title }}</description>
-    <generator>Hugo -- gohugo.io</generator>{{ with .Site.LanguageCode }}
-    <language>{{.}}</language>{{end}}{{ with .Site.Author.email }}
-    <managingEditor>{{.}}{{ with $.Site.Author.name }} ({{.}}){{end}}</managingEditor>{{end}}{{ with .Site.Author.email }}
-    <webMaster>{{.}}{{ with $.Site.Author.name }} ({{.}}){{end}}</webMaster>{{end}}{{ with .Site.Copyright }}
-    <copyright>{{.}}</copyright>{{end}}{{ if not .Date.IsZero }}
-    <lastBuildDate>{{ .Date.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }}</lastBuildDate>{{ end }}
-    {{ with .OutputFormats.Get "RSS" }}
+    <generator>Hugo</generator>
+    <language>{{ site.Language.LanguageCode }}</language>
+    {{- with $authorEmail }}
+    <managingEditor>{{.}}{{ with $authorName }} ({{ . }}){{ end }}</managingEditor>
+    {{- end }}
+    {{- with $authorEmail }}
+    <webMaster>{{ . }}{{ with $authorName }} ({{ . }}){{ end }}</webMaster>
+    {{- end }}
+    {{- with .Site.Copyright }}
+    <copyright>{{ . }}</copyright>
+    {{- end }}
+    {{- if not .Date.IsZero }}
+    <lastBuildDate>{{ (index $pages.ByLastmod.Reverse 0).Lastmod.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }}</lastBuildDate>
+    {{- end }}
+    {{- with .OutputFormats.Get "RSS" }}
     {{ printf "<atom:link href=%q rel=\"self\" type=%q />" .Permalink .MediaType | safeHTML }}
-    {{ end }}
-    {{ range .Pages }}
+    {{- end }}
+    {{- range $pages }}
     <item>
       <title>{{ .Title }}</title>
       <link>{{ .Permalink }}</link>
       <pubDate>{{ .Date.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }}</pubDate>
-      {{ with .Site.Author.email }}<author>{{.}}{{ with $.Site.Author.name }} ({{.}}){{end}}</author>{{end}}
+      {{- with $authorEmail }}
+      <author>{{.}}{{ with $authorName }} ({{.}}){{end}}</author>
+      {{- end }}
       <guid>{{ .Permalink }}</guid>
-      <description>{{ .Summary | html }}</description>
-      <content:encoded>{{ .Content | html }}</content:encoded>
+      <description>{{ .Summary | transform.XMLEscape | safeHTML }}</description>
+      <content:encoded>{{ .Content | transform.XMLEscape | safeHTML }}</content:encoded>
     </item>
-    {{ end }}
+    {{- end }}
   </channel>
 </rss>

themes/hugo-sustain/layouts/partials/head.html

@@ -9,13 +9,13 @@
         {{- if .Params.heading -}}
           {{- $title = .Params.heading -}}
         {{- else -}}
-          {{- $title = print .Site.Title " | " .Title -}}
+          {{- $title = printf "%s | %s" .Title .Site.Title -}}
         {{- end -}}
     {{- end -}}
     <meta charset="utf-8" />
     <meta http-equiv="X-UA-Compatible" content="IE=edge" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <meta name="author" content="{{ .Site.Params.Author }}" />
+    <meta name="author" content="{{ .Site.Params.Author.name }}" />
     {{ with .Site.Params.description }}<meta name="description" content="{{ . }}" />{{ end }}
     {{ with .Site.Params.keywords }}<meta name="keywords" content="{{ . }}" />{{ end }}
     <link rel="shortcut icon" type="image/x-icon" href="{{ .Site.BaseURL }}img/favicon.ico" />

themes/hugo-sustain/layouts/partials/head/css.html

@@ -13,9 +13,10 @@
 
 <!-- Theme stylesheet, combination of all in assets/scss -->
 {{- $style := resources.Get "scss/main.scss" | resources.ExecuteAsTemplate "scss/main.scss" . | toCSS (dict "targetPath" "css/main.css" "enableSourceMap" false) }}
-<link rel="stylesheet" href="{{ ($style).RelPermalink }}?v={{ md5 time.Now.Unix }}">
+<link rel="stylesheet" href="{{ ($style).RelPermalink }}?v={{ md5 $style.Content }}">
 
 <!-- Custom CSS -->
 {{- range .Site.Params.custom_css }}
-<link rel="stylesheet" href="{{ relURL . }}?v={{ md5 time.Now.Unix }}" />
+{{- $md5 := md5 (readFile (printf "static/%s" .)) }}
+<link rel="stylesheet" href="{{ relURL . }}?v={{ $md5 }}" />
 {{- end }}