by yjftsjthsd-h 2539 days ago
> years, and provoke some drastic changes to the way we do open-source software.

I object to this phrasing because it makes it sound like the FOSS software is at fault. The problem is that companies are pulling random code off the internet and sticking it in products without auditing or understanding it, so the only solution needed is for companies to actually pay attention to what they're using/shipping (possibly by holding them liable when people are paying for their products, but that could have side effects). In particular, pretty much every FOSS license I've ever seen explicitly says that the software is offered without any claim that it's good/usable/safe, and you can't limit that limitation of liability without seriously screwing up the whole FOSS ecosystem.


I totally understand and agree with that. But we don't live in a perfect world where people do the things they're supposed to do. And there are lots of developers out there who will pull in a malign FOSS library, then blame everyone else when it does exactly what the code said it would do.

Just like every other avenue of life, we're going to have to dumb down what we do so that idiots don't hurt themselves.