Pick GitHub Flow When the Release Is an Attested Digest
For a service that ships one version continuously, the branching model is GitHub Flow and the release candidate is an attested digest, not a release branch.
Robert Allen
Technologist | Regenerative Agriculturist
Passionate about building robust, scalable systems and contributing to open source software. Specializing in backend architecture, API design, and developer tools. Author of open specifications for AI memory interchange and extension packaging.
Recent Posts
The Release Is a Content Digest, Not a Mutable Tag
A container tag is a mutable pointer: what you verified and what you run can silently differ. Name the release by its content digest, and build it once.
Friday Roundup - Week 23: The Spec Becomes the Substrate
OpenAPI 3.2 and Arazzo 1.1 turn the API contract into a substrate agents run on, MCP security research probes it, and Elbit buys into autonomous farming.
Friday Roundup - Week 22: Can You Trust the Code?
Claude Opus 4.8 bets on parallel subagents, new research questions whether AI-generated code can be trusted, and TrapDoor hits npm, PyPI, and crates.io.
Friday Roundup - Week 21: Google I/O, GitHub Breach, Agents
Google I/O ships Gemini 3.5 and Jules; GitHub discloses a supply chain breach of 3,800 repos; Claude Code adds agent coordination; Arazzo 1.1 ships.
Friday Roundup - Week 20: OSS Strip Mining and Mythos
LLM-powered OSS vulnerability scanning crossed a practical threshold, Anthropic gates Mythos, swagger-php 6.1.2 ships, and TinyML reaches smallholder farms.
Greenhouse Climate Modeling with ASHRAE and Python
How cloudgrow-sim turns American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) psychrometrics, solar gain, heat transfer, and ventilation equations into a Python model validated against weather and sensors.
Friday Roundup - Week 19: TypeScript 10x, Agents, and Overlay
TypeScript 7.0 beta ships a Go-rewritten compiler at 10x speed, agentic search challenges the retrieval abstraction, and OpenAPI Overlay v1.1.0 lands with practical toolchain wins.
Why Service Dependency Chains Violate the Reliability Product Law
The CrowdStrike loss exceeded an independence-model prediction by three orders of magnitude. That gap is the empirical signature of common-cause coupling.
When AI Code Errors Compound: A Math Check on Dependency Risk
A YouTuber sketched an equation for AI-induced downtime as service dependencies deepen. The intuition is right, the formula is inverted, and the corrected version still understates the real risk. Here is the math.