The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
I think the article was pretty clear that (1) companies that use open source projects to make money should be contributing financially to them, and (2) users and contributors need to stop feeling entitled to maintainers’ unpaid labor and time. Mostly 2 because it’s a security risk AND a shitty way to treat people who are making something free for you.
Honestly, in medium to big projects, 2 seems like mostly astroturfing from companies who really want to hide the fact that they benefit financially but use alt accounts to push toxic bullying like “you’re not following opensource principle, not foss this, not foss that, you do this or we’re going to make a scene” when maintainers try to get any semblance of authority over their own projects.
And the rest of us need to stand up for maintainers against bullies.