Who's going to vet the applicants to ensure that they're not secretly working for bad people, and that as soon as they have sufficient permissions/lack of oversight they won't inject malware into the project and ship it?
We're seeing ever-increasing supply chain attacks. All these bazaar projects are vulnerable to that.
It's going to take some serious funding to get the kind of oversight we actually need to secure this stuff properly.
And the clock's ticking - those maintainers from the '90s are going to retire, and we need to have some way of replacing them.
> Who's going to vet the applicants to ensure that they're not secretly working for bad people
The same person who vets people who approach you as a project maintainer today and offer to participate in maintaining your FOSS project.
That is to say, what I've asked about is not intended to solve security problems, just a lack of exposure / connecting interest-with-need problem.