the security model for open source is very complicated, and made even worse by the very nature of it being driven nearly entirely by unpaid volunteers.
we don't have a good solution to this problem, and i'm not even convinced one is possible under our late-stage capitalism.
please remember to be kind to and thankful for OSS contributors and maintainers.
