• cmhe@lemmy.world
    link
    fedilink
    English
    arrow-up
    49
    arrow-down
    4
    ·
    1 month ago

    One notable software business professional interviewed by RBC thought that the West’s decision would “adversely affect the life of the developer community, mutual trust within it, and therefore the quality of the product.”

    It was Russia and other autocracies etc. that diminished the trust by actually financing developers for multiple years to first earn trust and finally introduce backdoors into open source software, as demonstrated by the XZ utils backdoor.

    In open source projects, maintainers need to have some initial trust into each contributor, and let this trust naturally grow with time and contributions. They cannot perform intensive background checks on everyone before accepting a patch.

    While it is easier to uncover backdoors in open source software, there is no good way to defend and prevent against this kind of attack in this type of development process. All open source projects can do is trying to take away some trust from people within higher risk groups. This of course might lead to discrimination.