Remember the XZ hack a few years ago? That whole mess started with a targeted harassment campaign towards the project’s lone maintainer. Eventually the sock puppet accounts wore him down and he was convinced to bring on a second maintainer to help with the project… who also turned out to be a sock puppet and who introduced the critical backdoor into XZ.
A lot of research has been done into this event since it happened, and the current consensus seems to be that both the harassment campaign and the malware creation were done on behalf of the Russian government.
So we’re now in the era where FOSS maintainers have become the targets of literal nation-states.
Think bigger.