A lesson to remember: take care of yourself

Dear all,

I’m sure you’ve heard about the security flaw that’s been making the headlines lately:

What we know about the xz Utils backdoor that almost infected the world

Beyond the technical details of the attack (which I find quite impressive), my attention was drawn above all by its human aspect. The article below examines it in detail:

A Microcosm of the interactions in Open Source projects

It is interesting to analyze the manipulation that leads the maintainer to consider himself at fault with the community of users of his tool.

The author was obviously tired, even depressed, because, faced with unsympathetic users arguing that “the community wants more!”, I would have responded with contempt. I would have told them that if they weren’t happy, they had the right to fork the project or use another component. (Incidentally, it’s true that forking can be beneficial for everyone when the historical leaders burn out without being able to hand over the reins.)

Certainly, we can consider that publishing free software commits us to the people who have believed in us and chosen our tool, that we must live up to the community’s expectations and not disappoint them. It’s to the credit of all maintainers that they care about this. But remember, we can only go the distance if we take care of ourselves, our physical and mental health. By doing so, maintainers do themselves and their community a favor, whether the community understands it or not.

Remember, too, that your interlocutors may be ill-intentioned, or that they may lack the consideration that is due to anyone who makes their best efforts to provide an extremely useful tool free of charge.

So, Orekit and Hipparchus maintainers, take care of yourselves!