Comment by raesene6
8 years ago
It's not quite the same thing as, AFAIK, the Debian project doesn't have the same power as an employer does to do background checks before hiring.
There's a significant level of risk around open source projects changing hands, something which may be invisible to the users of those projects, especially as they become more heavily used and therefore more tempting targets for attackers.
Employers only have that power because you grant it to them. Of course you don't have a lot of choice if you want the job.
In theory, Debian or any organization could do the same background check, but is that the best use of their limited resources? And would they want to do it anyway given the ideals of the general OSS community?
Sure, my point was companies do do that checking and Debian doesn't do that checking, so from the perspective of this risk, it would be harder for an attacker to do this to a large corporation like Microsoft than it would to do it to an open source project like Debian.