• erAck@discuss.tchncs.de
        1 year ago

        Malicious account holders with a long-term goal need to build reputation. It doesn’t matter much that such an app isn’t a dependency of other software.

        • steeznson@lemmy.world
          1 year ago

          Practically every FOSS project is actively looking for volunteers/maintainers all of the time. More contributors are not problematic.

          The xz problem was that they socially engineered the main dev into giving them the keys to the kingdom.

          • erAck@discuss.tchncs.de
            1 year ago

            Making one a maintainer (with merge and possibly even direct commit/push permissions) is handing them a key to the kingdom. Recruiting a maintainer out of the blue without them already being a contributor and long-term participant in the project is questionable.