holes in open source software deep in the stack, I am astonished that people still think it's OK to build and build on top of projects where all that's needed to compromise the global infrastructure is to buy or steal the GitHub account of one unpaid hobbyist.
No one is forcing anyone to use any of this software. Everyone is free to audit the repositories and policies and draw their own conclusions. Any kind of volunteer driven effort has to walk a line between keeping volunteers happy and producing working results. The adage that many eyeballs make all bugs shallow still mostly holds true.
Not doing that is professional misfeasance.
You are aware that open source software does not come with a warranty or any sort of promises about being "fit for purpose" or whatever? Volunteer driven development is not a "professional" undertaking. Doesn't mean we shouldn't all try our best to deliver stuff that works and isn't a leaky bucket, but calling it "misfeasance" is many a bridge too far.
