On Thu, Oct 30, 2025 at 8:38 AM Elric V <[email protected]> wrote:
> > Not doing that is professional misfeasance.
>
> You are aware that open source software does not come with a warranty or
> any sort of promises about being "fit for purpose" or whatever?
> Volunteer driven development is not a "professional" undertaking.
> Doesn't mean we shouldn't all try our best to deliver stuff that works
> and isn't a leaky bucket, but calling it "misfeasance" is many a bridge
> too far.

I don't believe we are trying to do our best. In 2025 certain principles of secure software engineering are well known and well understood, but too often open source projects don't follow them. Instead they prioritize developer convenience with known bad practices like commit and never review.

You can build any random nitro-fueled, Rube Goldberg drag racer you like in your own garage, but it isn't allowed on public roadways. I'm increasingly convinced we shouldn't be allowing software that doesn't meet basic professional standards on the public Internet.

On the plus side, if software that runs the Internet were required to meet minimum standards like code review, then mega-corps that depend on these rickety foundations would be highly incentivized to fund improvements so the world no longer depends on the thankless work of one random person in Nebraska:

https://xkcd.com/2347/

-- 
Elliotte Rusty Harold
[email protected]
