Supporting projects - either with money or helping with code review in a transparent way.
The xz maintainer was burned out, bullied for being negligent (likely by the attackers), had personal mental health issues and became the first victim of this backdoor long before the code was merged.
Ideally, developers on projects like xz would band together. Projects like that rarely see much development, but when they do, it’s a lot all at once. So devs being able to move between a handful of projects would lighten the load on everyone.
So if you maintain a FOSS project, consider helping out with others related to your project (e.g. dependencies), and consider reaching out to devs of those projects for help on yours as well. It would be awesome to have a few pockets of dev coalitions so devs feel more comfortable taking a step back.
That’s a very good idea. Support your dependencies’ maintainers, people.