Comment by Fellshard
5 years ago
Like it or not, it's best to view this incident as having direct parallels to the NPM left-pad incident.
Ignoring the specifics of what led up to this for the moment, observe that a single person was able to completely annihilate an entire dependency's source.
I think one of the primary requisites to reliable FOSS development and adoption will need to be tooling that maintains immutable records to the best of its ability, so that prior artifacts cannot be revoked; if you publish code as FOSS, it is with the clear understanding that you have disposed of your authority to revoke it.
There are cases where something may need to be revoked, but make it a multi-layer process at that point, not a single button and one man's whim.