In the UK, despite background checks, police checks, references, etc., bad people still get to work or volunteer with children and go on to abuse. This applies to the police and the NHS, which have seen recent horrific incidents. Lucy Letby, Wayne Couzens et al.
I don't think we can mitigate against this 100 percent; what works is the fact that people act on their instinct and raise concerns, the first step in finding out what is going on.
I think the same applies to free software contributions: we value contributors, but there are lots of checks/balances in place. In this case the concern was a drop in performance, and thankfully it raised a red flag for further investigation.
Could be a newbie programmer making an error, or an experienced programmer making an error, or a bad actor with malicious intent.
We are human and can't catch everything, though we can do our best.
Let's not aim blame, but learn from this. I AM very confident the community will learn from this.
Agreed. I did see a reply on here that suggested what happened in this case may have been malicious; I can't find the reply, but we simply don't seem to know at this point.
@schwa I suspect in the coming years we are going to learn a whole host of critical OSS packages are maintained by essentially one person as that person struggles to find someone to take over so they can retire. Or worse.