@bagder Hey. They're talking about your stuff over at OSI discuss. Not sure if you knew or not. Maybe you could shed some light on the topic. https://discuss.opensource.org/t/curl-bash-trust-as-a-privilege/1011
`curl | bash`: Trust as a privilege?

We often hear that using curl | bash is insecure. That no one should ever pipe remote scripts directly into a shell. And yet… the biggest open source projects do it all the time. Docker installs with curl | sh. nvm, oh-my-zsh, Homebrew – all follow the same pattern. And we trust them. Why? Because they’re popular? Because they have a logo? Because their websites look professional? Meanwhile, smaller projects are held to a different standard. They are questioned, scrutinized, distrusted – e...

OSI Discuss
@bagder Bad actors generating outrage to divide/destroy foss communities.

The OSI's purpose is to be a trusted, legitimate source of truth for what open source is and how to use it.

When they fail at holding meaningful, equitable elections, and when they push through controversial work like OSAID and then gag board members from disagreeing with it publicly, they undermine their own work.

I don't know if the OSI needs to exist right now to legitimize OSS. It doesn't stop snake oil OSS or open washing. Surely the public can just call a spade a spade on their own.

This week #OSI helps us realize how quickly you can demolish trust in an organization.