GitHub user Verity1998 created a discussion: A Proposal For The FOSS Community

A plan to fix the critical FOSS infrastructure problem:
My name is Ben, and I have an idea that could permanently fix the internet's 
FOSS project foundation problem, an issue that is threatening civilisation as 
we speak.
I suggest temporarily removing an important package that millions of websites 
or software rely on to run.
You can then tell companies like Microsoft, Apple, Google, Meta & others that 
if they want their packages back, they must look into the FOSS foundation 
problem and support FOSS projects so there won't be any more incidents (no more 
XZ Utils backdoors, no more Log4Shell, no more Heartbleed, nothing).
Send them this: https://x.com/CorpseLeague
This account has the information they need to know about the catastrophic 
consequences of this problem. They have got to know what they rely on and we 
cannot continue to do nothing or more incidents will happen. This will make a 
lot more people think about how important open source is for the internet and 
how the world's governments need to watch out for them.
We rely on the internet and our digital infrastructure for hospitals, 
charities, donations and so much more for our everyday lives.
To simplify what I am saying, here are the ways that civilisation can collapse 
from the FOSS foundation problem:
A. the package of a FOSS project being deleted after it's reached its end of 
life (like npm, FreeBSD & zlib, which are important for online services & 
gaming consoles)
B. the lack of manual maintenance in more complex FOSS projects like core-js & 
the tz database causing almost all our world's infrastructure to eventually 
break (Dennis Pushkarev and his supporters are backing this logic up; 
https://www.reddit.com/r/programming/comments/111k9aq/corejs_maintainer_so_whats_next/)
C. new maintainer incompetency leading to a mistake in coding which leads to 
everything relying on the affected project breaking
D. a bug in an update to a crucial FOSS project that will break everything 
relying on that project (Dan Kaminsky fixed a bug in the internet's Domain Name 
System that could have easily crippled the internet in 2008; 
https://www.darkreading.com/application-security/black-hat-flashback-dan-kaminsky-saved-internet),
 or…
E. another Log4Shell that will actually succeed in destroying our internet.

We can fix this problem for good if we do this.

GitHub link: https://github.com/apache/logging-log4j2/discussions/3886

----
This is an automatically sent email for dev@logging.apache.org.
To unsubscribe, please send an email to: dev-unsubscr...@logging.apache.org
