• smeg@feddit.uk
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    Hopefully this xz scandal will give the kind of big corps which already pay OSS maintainers the kick up the arse required to treat their entire supply chain as a potential attack vector that should be audited and supported. Or maybe I’ve just asked the monkey’s paw for increased corpo control over OSS projects…

    • blusterydayve26
      link
      fedilink
      English
      arrow-up
      3
      ·
      8 months ago

      That used to be the dream: corps hired you to work on the thing they needed that you were good at. Now, though, they just want everything for free and just acquihire to reassign you to whatever makes more money.

      • smeg@feddit.uk
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        I think the real old big dogs like Microsoft, Google, and IBM still have a lot of dedicated developers for big projects like the Linux kernel. I doubt they bother that much with smaller projects though.