
I think he was making a tongue-in-cheek point about how we could finally get extremely well-founded open source projects.


I did not refer to the funding remark. It is beside the point and immaterial to the discussion.

My point was on the remark that this attack vector is somehow only applicable when projects are starting out. This is false, and insinuating this does a disservice to the community. The attack consists of asking someone for the keys. The projects that are the most vulnerable are those that are already established and have a significant adoption rate but are not actively maintained. We are talking about Colors-like and Faker-like projects. All you need to pull this off is to post one message asking nicely for permissions, post a commit, and make a release.

https://fossa.com/blog/npm-packages-colors-faker-corrupted/


The comment was not sincere and is meant to amuse.

If you believe amusement is a disservice to the community then I believe many others disagree.

edit: For clarity, the "since inception" part is an absurd setup for the, equally absurd, "well funded open source" part.


Taking over Open Source, just for the LULz.

There is an extreme lack of sense of humor around these parts.

I lol'd, and thank you for that.


Double whoosh then I guess.



