@Mer__edith Unfortunately the only proposed solutions I've seen to deal with FOSS maintainer abuse come down to "why can't everyone just...", which isn't a solution at all. Even if 99% were to behave perfectly, 1% is still enough for maintainers of any somewhat-often used project to encounter shitty behaviour regularly.

Add to that the fact that that behaviour sticks with you far more than a compliment, and we've got.. Not a great situation.

@Mer__edith

"The lone hacker trail also seems unlikely given the time and resources invested, or even the capabilities of exploiting such a massive flaw. An intelligence service, a powerful group of hackers, or even a state are more likely suspects…"

Source: https://gettotext.com/who-is-jia-tan-and-how-this-hacker-almost-controlled-millions-of-websites/

Why am I not surprised? 🧐

@Mer__edith I'm not entirely sure I understand what you're saying. Popular #FOSS is generally higher-quality than commerical closed source apps and libraries, but any tool with a low bus factor has higher inherent risk than something with tons of active contributors.

I've never had to maintain a FOSS tool with enough stars to have to please anyone but myself, but there are *many* tools we all rely on that have very few maintainers that understand the whole code base. What's different here?

@Mer__edith I worked for SCO back in the late 80s and early 90s, and a (now) extremely well known open source evangelist was trying to get the word out about open source, including getting a major project he was running in use on SCO Unix.

There was an incompatibility between that project and the package that SCO already shipped that did the same task. But, in theory both packages could be used at the same time if the incompatibility was resolved.

I wanted to try the new open source tool, so I emailed the maintainer (long before we used that word), and proceeded to have a brief and downright shitty exchange that didn't end up solving the compatibility problem.

After that I decided to avoid that individual from that day on, which I have. That was my introduction to FOSS culture.

I should point out that before Internet and search engines were in widespread use, most strangers I interacted with online assumed from my name I was a woman. The ick factor was high at times. Not sure if that influenced that crappy interaction outlined above, but later news about that individual makes me think so.

@Mer__edith I don't get why anyone would tolerate shitty behaviour in a public context. Where there are other ties, like family you may choose to try harder etc, but in public why?

It's a serious question because helping people stop doing that would be a big positive step. I don't tolerate it anywhere, not IRL, not on SM and wouldn't on my FOSS 'properties'. (Lucky for me the latter are not yet popular enough to have attached that, but I do expect it as things take off.)

@Mer__edith Not only that, it has been defended as *meritocracy* and* a filter* to keep all the "noobs" out and create code that's *truly the best*.

Odd.

@Mer__edith Reminds me of this classic
- misogynists make great informants: https://truthout.org/articles/why-misogynists-make-great-informants/

-