One developer modified his npm package to delete files and directories if the software it was included in thought it had an IP address in Russia or Belarus.
Then he figured out he was in serious trouble when it wiped out a bunch of non-profits and changed it to writing a 'WITH-LOVE-FROM-AMERICA.txt' file and denied everything. I've seen a few virtue signal messages when updating Python packages too.
It's making us look into setting up our own curated repositories where we put audited versions of packages up and block updates from anywhere else.
Bloody nuisance. When this shit starts hitting essential services, utilities and medical equipment things are going to get real interesting. Hopefully the DOD has more sense but they're probably going to be fucked as well.
The open source community spent 25 years trying to argue that open source could be as professionally maintained and depended on as proprietary software, and now these jackasses are pissing away all the goodwill that's been built up.
It's going to open up a business opportunity. We'd probably throw a thousand or so a year for a unified, curated and audited repository for open source libraries. Python, JavaScript, R and maybe a few others.
Otherwise we're going to have to do it ourselves and live with not being on the latest and greatest.
I've had similar discussions with IRL colleagues. And for regulated industries, provide a validation suite they can run through to ensure that the audited versions of software are working as expected. The validation suite being where the real money is.
Yep. "Protestware" is the new hipster thing.
Though I still like the +NIGGER license
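Added example (not from any post in this thread) of the check behind the curated-repository idea discussed above: a gate that only admits package artifacts whose name, version and sha256 match an audited allowlist, so a new upstream release or a re-published artifact is rejected until it has been audited. The allowlist, package names and artifact bytes are constructed placeholders, not real packages.

```python
"""Allowlist gate for an internally curated package repository.

Constructed example: the allowlist would normally be generated by the
audit process; the artifact bytes are stand-ins for real wheels/tarballs.
"""
import hashlib
import re
from dataclasses import dataclass


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical allowlist: normalized package name -> {version: sha256 of artifact}
AUDITED = {
    "examplelib": {"1.4.0": _sha256(b"constructed artifact: examplelib 1.4.0")},
    "other-lib": {"2.0.1": _sha256(b"constructed artifact: other-lib 2.0.1")},
}


@dataclass(frozen=True)
class Artifact:
    name: str
    version: str
    data: bytes  # bytes of the downloaded wheel or tarball


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'Example_Lib' and 'examplelib' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_artifact(art: Artifact, audited=AUDITED):
    """Return None if the artifact is audited and unmodified, else a rejection reason."""
    versions = audited.get(normalize(art.name))
    if versions is None:
        return f"{art.name}: not in the audited allowlist"
    expected = versions.get(art.version)
    if expected is None:
        # A newer upstream release is exactly the case the gate exists to stop.
        return f"{art.name}=={art.version}: version not audited (allowed: {sorted(versions)})"
    if _sha256(art.data) != expected:
        return f"{art.name}=={art.version}: hash mismatch (artifact modified or replaced)"
    return None


def gate(artifacts, audited=AUDITED):
    """Return every rejection reason; an empty list means all artifacts pass."""
    return [r for r in (check_artifact(a, audited) for a in artifacts) if r]
```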