item 39890515

woodrow | 1 year ago

The author seems particularly hung up on the legal implications and consequences of being an open source contributor or project maintainer: "not all legal consequences can be waived", "distance to the legal system", "the real world legal consequences are then stuck with me", etc. It would benefit us all for the author to be specific about these if they are indeed real, as to my knowledge these are mostly FUD.

There are certainly negative aspects to being an open source project maintainer [1] but being legally liable for code offered as-is that you did not author, or being droned by a foreign military intelligence service for accepting a backdoor contribution are not it.

[1] https://daniel.haxx.se/blog/2021/02/19/i-will-slaughter-you/

the_mitsuhiko | 1 year ago

There are definitely real world consequences of security or licensing issues in Open Source libraries. They are not always that someone will sue you but they are not necessarily any more pleasant.

nindalf | 1 year ago

Perhaps you should speak more about those consequences you’re afraid of?

Take the xz incident from this weekend. No one is crucifying the maintainer who gave Jia Tan committer rights. No one is prosecuting or persecuting them. Everyone understands that they were under stress. I’m yet to see a single negative thing even being written about them.

The legal consequences you fear feel more imagined than real. As long as you do the best you can with the knowledge you have, no one is taking you to court or putting you in jail over it. I know people online don’t take the No Warranty clause statement seriously when they demand support, but a court definitely will.

At worst someone may come and ask you “is Jia Tan your alter ego?” and leave when they realise it’s obviously not.

But if you’re arguing that you’re risking reputational harm, where you might get a rep as “the guy who lgtm-d the backdoor PR without reviewing closely”, yeah that’s possible. And it’s a reasonable fear. That’s a risk you’re taking when most of the reward is to society benefiting from your work.