item 39874287

darnir | 1 year ago

This exact thing happened to me. I maintain a fairly popular free software project. A few years ago, I received an email from a nasa.gov domain claiming that they want to use the project internally and are auditing all their suppliers. They wanted documentation on me and on how I audit my supply chain for the project. Not cool. I don't have time for these shenanigans in my personal time.


jdiez17 | 1 year ago

I'm sure you had the choice not to provide that documentation, right?

darnir | 1 year ago

Well, yes. And I chose to exercise that right.

The point of the anecdote is to supplement the parent poster by stating that their hypothetical scenarios are already happening.

We should have better testing and more eyes on incoming code for projects we depend on. But my point I guess is that vetting maintainers is not an option.