The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
So what is the solution then? What kind of culture would be more operationally secure?
Maybe some inspiration from how OpenBSD handles users requesting features.
“No one deserves anything from us. /…/ The developers in this project do the best they can”
or
“If you expected any of us to reply as if we are contractors or your employees, you came to the wrong place.”
Community guidelines in a readme would be a good start. Also, educating those opening new git issues since I often see entitled and vitriolic demands from non-devs who do not understand what FOSS is (although I understand that this isn’t the only bully archetype).
Submitting bug reports is a contribution, not bullying. Some devs see reporting a bug as a bad thing. That's toxic.
Probably some sort of mix, like federated or crowd-sourcing, but either way that simply means more maintainers/supervisors.