So you’ve found a security issue in an open source project – or maybe just a weird problem that you think might be a security problem. What should you do next?
I was invited on the Sustain podcast to discuss my recent rant about open source sustainability. I talked about my reaction to the criticism that open source maintainers receive when they take funding, and how this is a personal issue for me – maintainers aren’t abstract ideas to me, they’re my friends. We discussed my call for a more expansive definition of open source, and got into some of the nuance about some of the problems this can cause.
Tomorrow is Volunteer Responsibility Amnesty Day, a day to reflect on your responsibilities as a volunteer and, if any of them are too burdensome, set them down. I’m observing it this year; here’s how and why.