Hacker News new | past | comments | ask | show | jobs | submit login

I guess you have never had commit rights to any Linux distribution or such?

You don't get commit rights as a random person, so yes, a commit can usually be traced back to a person. Sure, the committer could have received a patch from a unknown person, but then he's still responsible for the commit.




I guess you are a security expert that knows how every single FOSS project that might be used as dependency works.


That's not what I tried to say. It's up to you as a user to make due diligence and make an informed decision if you want to use the software or not.

Any serious project would have some form of web of trust and know who has commit rights. It's up to you to decide if you trust their web of trust.

I guess from your comments that you are not actually interested in contributing to the discussion since you just sprout single line comments with no information at all.


I contribute with experience instead of FOSS ideology absent from how things actually work.


No, you throw out nonsense single line sentences that say and contribute nothing.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: