I can’t tell you how angry this makes me feel for this maintainer.

I don’t know who Jigar Kumar is, or what the motivation was behind the emails that the author is referencing, but I can tell you if I was trying to get a bad actor in as a trusted developer, this is how I would approach it.

Good post.

https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

A Microcosm of the interactions in Open Source projects | RobMensching.com

Originally a thread on Twitter about the xz/liblzma vulnerability, when I finished typing it, I realized I had a real-world slice of Open Source interaction that deserved more attention.

from now on, every beleaguered solo #FOSS maintainer should rebut each and every nasty, inhumane pressure campaign by referencing this attack on #xz:

« Nothing is so urgent that it cannot be done safely. Articulate substantive technical issues in an issue; then take a number, and remove such unconstructive personal invective to more appropriate forums than this project's mailing list or issue tracker. »

i would further amend my Code of Conduct to prohibit disparagement of a maintainer's "productivity":

« This project honors the legacy of #LasseCollin and the #xz infiltration. Manufactured urgency criticizing a maintainer's throughput, dedication, or competency to keep pace with specious "community demands" will be regarded as hostile social engineering, and harshly sanctioned (permabanned). »