by stickfigure 2725 days ago
You put a stranger's code on the...website, without reviewing it and without knowing what’s in it.

There is not a single person in the entire history of web development that this sentence does not apply to.

2 comments

Bullshit. IBM at least takes dependencies very seriously, and while the system is not infallible, there are persons whose role is to review what the heck people are including in the software, making sure there aren't hidden backdoors or potential licensing issues.
IBM contributes to the Linux kernel, so it might vet that one component, but does it vet every single component in an actual, functional distribution? That would be absurd.
No way they do; I included Go packages and npm modules that were not vetted by others or myself. They do have a license review, with many licenses being pre-approved.
They probably all would have gotten fired too.