Hacker News

> This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor.

No, it doesn't. I stopped after reading this. Jia's "attack" was near state level actor stuff. A bunch of emails asking/begging for commit access sounds like a 16 year old sending emails from the basement of his parents' house.



It's OpenSSF… All of their posts are basically "install our GitHub action, get our scorecard!". Which I personally think is completely useless.

If they want open source maintainers to do boring compliance stuff, they can pay them.

I won't be doing that for free for sure.


> A bunch of emails asking/begging for commit access

This is not what it says. If you're going to argue, argue with the text from the article, not a made-up reinterpretation.



