Bullying in Open Source Software Is a Massive Security Vulnerability
Bullying in Open Source Software Is a Massive Security Vulnerability
The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
You're viewing a single thread.
So what is the the solution then? What kind of culture would be more operationally secure?
I think the article was pretty clear that (1) companies that use open source projects to make money should be contributing financially to them, and (2) users and contributors need to stop feeling entitled to maintainers' unpaid labor and time. Mostly 2 because it's a security risk AND a shitty way to treat people who are making something free for you.
users and contributors need to stop feeling entitled to maintainersโ unpaid labor and time
And the rest of us need to stand up for maintainers against bullies.
Honestly, in medium to big projects, 2 seems like mostly astroturfing from companies who really want to hide the fact that they benefit financially but use alt accounts to push toxic bullying like "you're not following opensource principle, not foss this, not foss that, you do this or we're going to make a scene" when maintainers try to get any semblance of authority over their own projects.
Maybe some inspiration from how OpenBSD handles users requesting features.
"No one deserves anything from us. /../ The developers in this project do the best they can"
or
"If you expected any of us to reply as if we are contractors or your employees, you came to the wrong place."Community guidelines in a readme would be a good start. Also, educating those opening new git issues since I often see entitled and vitriolic demands from non-devs who do not understand what FOSS is (although I understand that this isn't the only bully archetype).
Submitig bug reports is a contribution, not bullying. Some devs see reporting a bug as a bad thing. Thats toxic.
Of course, but you missed part of the point. Open source devs are providing code for free, the least the user can do is provide bug reports without rude language/demands.
I agree. But that goes both ways. Devs shouldn't be rude to contributors of bug reports. And the Lemmy devs have been real assholes to most of their contributos.
Theres a reason they have this reputation.
Probably some sort of mix, like federated or crowd-sourcing, but either simply means more maintainers/supervisors.