
Comment by marcus_holmes

4 hours ago

Who's going to vet the applicants to ensure that they're not secretly working for bad people, and that as soon as they have sufficient permissions/lack of oversight they'll inject malware into the project and ship it?

We're seeing ever-increasing supply chain attacks. All these bazaar projects are vulnerable to that.

It's going to take some serious funding to get the kind of oversight we actually need to secure this stuff properly.

And the clock's ticking - those maintainers from the '90s are going to retire, and we need to have some way of replacing them.