by jeroenhd 1559 days ago
This seems like a rather silly form of protest. Delete people's files and the only thing you're creating here is more hatred directed at yourself.

If you want to sabotage all Russians for some weird reason, just introduce a race condition that's masqueraded as a compatibility fix for the Russian locale.

If you want to send out a message, take a more peaceful approach. Create a file or print out a translated message like "<Citizen name>, age <age>, was killed in the illegal Russian invasion of Ukraine on <date>" in Russian. Add a link to a picture or a news article if you want. Still a pretty annoying move, probably universally considered in bad taste by most people, but not illegal or destructive. Add something like "the economic recession is because the Western world opposes the Russian government" to make that clear as well, because the immense inflation will probably hit random citizens hardest. Best case scenario you're informing some ignorant Russians stuck behind state propaganda, worst case scenario you piss off some Russian nationalists who will stop using your library.

In the end, this is just another demonstration of how dangerous modern dependency management is. NPM has been through leftpad, colors, now node-ipc, and there's still no way to prevent it from happening again.

I don't know of any language ecosystem with a package manager that doesn't have this problem as well. Perhaps the more boring/slow software dev requiring OS package managers, because Debian maintainers tend to be a little more level-headed than random Github users? Take your pips, cargos, gems, gradles, composers, and you'll find exactly this vulnerability.

The general consensus seems to be "it's impractical to validate all the code we're pulling in, so there's nothing we can do", which is kind of crazy in my opinion. Yes, modern dev does pull in a billion dependencies for every framework, but doing nothing just isn't a problem.

We're one NPM hack away from global catastrophe as long as we don't find a solution for problems like these.