Possibly my biggest issue with the philosophy of having passionate individuals maintain and build critical infrastructure is that you've basically created a FOSS project, but now you're using it to run critical infrastructure.
And judging by what I've seen on Mastodon about the xz backdoor, placing the onus of the blame on the individual who wasn't policing pull requests for what seems like a significant portion of the infrastructure as a whole (please correct me if I'm wrong here) seems to be the preferred approach.
Now, I'm a complete dumbass when it comes to Linux systems, but a supply chain attack that can compromise a Lot of Shit because one person is the single point of failure makes me squint my eyes so much they may as well be closed.
Isn't this the same community that welches about putting one's eggs all in one basket like with the Microsoft or Apple spaces? And yet...
I'm not liking what I'm seeing, and I'm not too confident that FOSS communities are willing to, or possibly ever will, learn something from this if their takeaway isn't "Don't build so much shit off of the idea that Bob Will Never Fuck Up."
Having been repeatedly physically threatened in person by Washingtonian voters when I worked for the state park system, I can say this: voters, who by voting for legislators enabled the passing of the SB 5622 bill in 2011 so that they would pay user fees for parks instead of having a massive number of them shut down for lack of money to fund them otherwise...
Generally have no fucking idea that it costs money to maintain things and to hire people to maintain those things, and then to make sure those people stay, by funding higher wages, benefits and pension programs.
In short, people take public services for granted until they do not exist. I accept this as a general rule.
