The whole point of 'Open Source' is that we can use code which might otherwise be a bit 'random'.
It's not 'Institutionalized Open Source' it's just 'Open Source' i.e. we're not all Torvalds.
So, credibility etc. is a very fickle thing; otherwise, this is a serious security issue and we really don't have answers.
We used to think about code as 'logic that works', but now we have other criteria. I wonder if our FOSS models need to adapt a bit.
I suppose the message is "read the code you're using" but that is hard for big libraries and frameworks.
Obviously using one's code where they are impersonating someone else is a big red flag.
I don't know what the answer is, but the model has to be changed.