Hacker News new | ask | show | jobs
by geoelectric 802 days ago
I find it unfortunate that Schneier chose to underline the XZ maintainer’s mental health issues (literally—he linkified it) as the reason he’d slowed down on the project, which then led to being open to taking on the malicious co-maintainer.

Schneier then follows that linkified fact up immediately with a parenthetical that Collin isn’t to blame. But then why call out that very potentially stigmatic thing at all, with sources to boot?

That explanatory note from Collin was buried in a mailing list and was at most a footnote to this story. Now it’s going to be part of the public accounting pushed by a famous security pundit with international reach, and with very little other context given to mitigate.

Either Schneier was trying to make a point of some kind, in which case he sure wheedled around it, or he should’ve been considerably more careful with essentially the only personal fact he chose to highlight about Collin. Either way, I’m disappointed.
2 comments
genter 802 days ago
Because the attackers successfully exploited it. And therefore it's something we need to prevent from happening again. The problem is there isn't an easy technical solution, this is is a social/medical issue that they exploited.
link
geoelectric 801 days ago
Slowdowns happen for all kinds of reasons. Life comes first. The explanation behind the slowdown wasn’t relevant here or a factor in the attack. They exploited the growing need for a co-maintainer. Airing the dude’s medical issues, particularly out of context to an unintended audience, isn’t awesome.
link
bowmessage 802 days ago
Ah, yes, the panacea for all mental health problems: brushing them under the rug and not talking about them.
link
geoelectric 801 days ago
Is everybody with mental health issues required to offer them up for public discussion at every opportunity?

His mental health wasn’t relevant to the attack from any report I’ve read. That makes it a bit odd and more than a little thoughtless to highlight it.

People slow down on projects for a ton of reasons. The guy could have been in chemo or had a kid. The result would be the same: he’d need a co-maintainer to keep the pace. The attackers would’ve capitalized on that. They’d plainly been waiting for whatever opportunity would work.

link