
Comment by Wilsoniumite

1 year ago

I feel like there is a big risk here, which others have already mentioned, but in fact this risk has already been realized w.r.t. npm packages. https://news.ycombinator.com/item?id=41178258

While some mistakes are probably inevitable (like it happened with Tea protocol), sourcing a wide range of metrics from multiple sources, fixing bugs and building reasonable guardrails can prevent them from repeating.

For instance, given that my algo-donating aims to support the global OSS supply chain (not to distribute any crypto tokens like Tea did), it could potentially even focus only on "old" repos. They carry higher maintenance-related risks, but it will take years to distort such a target area for donations.