this post was submitted on 31 Mar 2024
Making one a maintainer (with merge and possibly even direct commit/push permissions) is handing them a key to the kingdom. Recruiting a maintainer out of the blue without them already being a contributor and long-term participant in the project is questionable.
I believe that the bad actor was a contributor for several years before becoming a maintainer
Apparently not; you can check the commits at https://git.tukaani.org/?p=xz.git;a=summary: the first authored commit was 2022-01-28, then nothing for a long time until 2022-06-10, and the first merge as committer was 2022-12-16.
Interesting! I'd not realised it was so recent