The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
Bullying in Closed Source Software is also bad. Of course in Open Source more people have the ability to do this, compared to a more controlled environment like Closed Source. What do we learn from the mistakes described in the article? Don’t close your eyes, watch and don’t trust untrusted people. If someone starts bullying or is toxic, take that as an attack and warn them that they will get banned. It’s like saying bullying among politicians is bad. Yes it is. And we should not allow that. But that does not mean we should stop using or developing Open Source (or stop electing).
If people are really unhappy with the direction of the project and if they want to push specific updates they want to see, they should just fork it and do whatever they want. And if it works, it can still be integrated into the “main app”.
One of the takeaways IMO is to consider bullies as potential security threats, especially when they’re pushing to merge code. And for both developers and non-developers alike, to try to foster a culture of respect and avoid entitlement in git issues. Call it out when you see it and don’t dogpile.