How would you filter open source developers? They obviously need to meet a certain standard before contributing lines of code to kernels and security features.
>>100183971
>what are code reviews
>what is automated testing
Has nothing to do with experience but with repo maintainers being lazy
floss means you and me and everybody else uses what you and me and everybody else wrote
so, maybe u have to get kicked out 100%?
>GNOMEUnsalvageable project.>KDEWarns you that plugins can run arbitrary code. In this case, it wasn't even malicious, just an odd bug caused by the Plasma 5 to 6 transition.>xzBan chinks unless you know exactly who they are and are certain BEYOND A DOUBT that they can be trusted, like Felix Yan.Also, yell at the Debian troons until they stop normalizing shitty hacky patches like the one the xz backdoor exploited.
The old model of open source cannot survive because it assumed a particular human condition (being a white man).White men have certain virtues, such as a high personal standard, and honor that made the open source model possible. Though bad actors could exist, the nature of the white man was to only contribute if he felt his contribution was worthwhile and a high standard and only in good faith.Other races did not evolve with the same pressure of social cooperation as white men did. They don't have a built in gene telling them they need to do high quality things for the benefit of the community or that they can't betray the community for short term gain (because whites being ostracised in old times meant freezing to death in winter).As such SHITSKINS will contribute but their contributions will be half assed, lazy, cut corners or, at worse, even be deliberately poisonous because SIR CHINA PAID ME 20 RUPEE TO BACKDOOR SIR! Open source assumed a certain level of intelligence and trust. Nowadays 1 trillion shitskins are "contributing" to open source so they can "put it on their resume".
>>100183997>Also, yell at the Debian troons until they stop normalizing shitty hacky patches like the one the xz backdoor exploited.you are a fucking nigger, anon. they didn't need to do anything like what your schizophrenia suggests. it literally modified modified the library, including hash checks, and hid in obfuscated form in a tarball.>Ban chinks unless you know exactly who they are and are NEVER work with chinks ever. >>100184128> Nowadays 1 trillion shitskins are "contributing" to open source so they can "put it on their resume".that isn't happening.
>>100183971
Your existence doesn't matter.
>>100184139
>that isn't happening.
>>100183971
>blames glibc
>not systemd
interesting...
>>100184240
>>100184240>>100184265SIR do the needful and approve the PR sir!
>>100184128This. It's hilarious how quintessentially 'aryan' open source was despite the actual devs mostly being libshits. White kindness and altruism truly is a double edged sword.
>>100184240>>100184265I fear the day a jeet realizes he can automate this pointless process using GPT and uses GPT to write an automation tool.
>>100184427
like this?
>>100184128
>>100184393
Neither of you have written a line of production code in your lives.
>>100184445
zero lines of production code = zero backdoors and zero bugs created
sounds good to me, I would hire them.
>>100184139>you are a fucking nigger, anon. they didn't need to do anything like what your schizophrenia suggests. it literally modified modified the library, including hash checks, and hid in obfuscated form in a tarball.Afaik sshd doesn't depend on xz. It was a patch that Debian is using for better systemd integration. It brought systemd library that indeed has dependency on xz.This is why Arch wasn't affected - they tend to not patch upstream packages.
>>100184445
I, unfortunately, have been writing production software for 3 years now
>>100184139
>it literally modified modified the library, including hash checks, and hid in obfuscated form in a tarball.
And without the sshd patch, the entire exploit did literally nothing at all. Arch, for example, shipped the backdoored versions of xz, but was immune to the backdoor because it doesn't ship OpenSSH with the patch applied. As it turns out, the developers of the software know better than distro jannies!
>>100183971
Make repos private and only share code with paying customers or people that can prove to have downloaded and used your software.
>>100184496>crack software to make it look like it was bought>get into the repo>git clone>repost this everywhere from behind 7 proxiesno refunds proprietranny
>>100184496
there should be some sort of FOSS contributor passport