3. "I don't know what to say."– Backdoor in popular event-stream NPM repo (github...

"I don't know what to say."– Backdoor in popular event-stream NPM repo (github.com)

The OPs excuse of "I'm not being paid, If it's not fun anymore, you get literally nothing from maintaining a popular package."

Really? You create a package for fun, OK that's totally fine.

But now you publish it, and millions of people use it.

But because you're not being paid, and because it's not longer "fun", you think it's totally acceptable to hand it off to some random Japanese Github account with no projects?

Why does being paid matter? There are millions upon millions of gratis (free, not as in freedom) projects that developers create.

How would you like if your free github, reddit, facebook etc.. account was compromised and your personal information lost, or w/e.

And the dumb as fuck excuse is "Well you don't PAY me, why would I do something UNFUN if I'm not PAID" is what you're given.

How childish can you be?

Was it a naive mistake? Yes. Can we move on? Sure.

But it was still an irresponsible mistake from a Security Expert, and a completely unacceptable lame excuse that it doesn't matter millions of projects were probably compromised because it wasn't "fun" or it wasn't "paid for".

Sounds exactly like those companies that leak oil into the water, or bulldoze irreplaceable rainforest because money always trumps social responsibility and being a decent person.

/r/programming Thread Link - github.com
Previous
Next

Recently removed from /r/programming

A Plea for Fairness for Non-profit Developers of Open Source Software TIL It takes developers 23 minutes of uninterrupted focus until they hit their “flow” state - the stage in which they do actual coding. Slack messages, fragmented meeting schedules and the need to be "available" online is hampering the possible productive gains “ChatGPT Will Replace Programmers Within 10 Years” - What do YOU, the programmer think? Docker is deleting Open Source organisations - what you need to know Disambiguating Arm, Arm ARM, Armv9, ARM9, ARM64, Aarch64, A64, A78, ... ASP.NET Core Blazor - A Complete Overview The Case for Functional CSS Why we ditched GraphQL for tRPC Single mom sues coding boot camp over job placement rates Good day. I'm writing a QUIC proxy in C. It's halfway done. It uses HTTP as protocol. Parser written, QUIC implemented through MS's library. Please star if you like. Thanks. Meta releases Sapling, a new way of using source control We’ve filed a law­suit chal­leng­ing GitHub Copi­lot, an AI prod­uct that relies on unprece­dented open-source soft­ware piracy. We Need To Talk About The Bad Sides of Go GitHub Copilot investigation Is a ‘software engineer’ an engineer? Alberta regulator says no, riling the province’s tech sector

More Random Comments

what is that flag with the flower on it? found in Schiedam, The Netherlands Don’t know what to do or feel. Can I stop contributing to retirement? How to not feel disappointed/angry at friends who are not there in a time of need? As a son of a teacher, how does it feel to get treated at school? New Gay Discord Why do so many people feel the need to defend Kathy Hilton? We Now Have Clear Proof the Vaccine is Dangerous and That The CDC Concealed It Anyone get depressed listening to Michael now? Americans, why is tipping proportional to the bill? Is there extra work in making a $60 steak over a $20 steak at the same restaurant? Recruitment Thread: Post here for a new club or members! I love being a business owner but I’m so lonely Grief in med-school and trying to bounce back Are multiple networks affecting speed of wifi and power consumption? I believe Scarlet and Violet will be the worst mainline Pokemon games we've ever received. (Part 1)