[eternityforest]

Until now, there was a social process of trust and reputation that was good enough.

At the moment, supply chain attacks seem to be mainstream enough that a normally trustworthy person could consider doing them, so trust becomes harder.

This is why you don't accept or encourage antifragile/vigilante/cowboy/etc behaviour, or any kind of sabotage of infrastructure.... now it's cool and trendy. There's millions of wannabe unabombers who just need any excuse to disrupt tech.

Remember that guy who wanted people to suddenly pull npm packages without warning?

Tech culture used to be way more awesome. Now it's a bunch of people who wish they were doing pure mathematics or random weekend tinkering, who hate their industry, and would be perfectly happy to see a lot of it gone, and a forced return to the days of paper notes and brass keys with no tracker.