• 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
    link
    fedilink
    arrow-up
    24
    ·
    9 months ago

    second, because there is no one else to pass the project to.

    If I ever maintain a FOSS Project this one will be one of the things I need to figure out along the way, surely there’s someone trustworthy out there, surely

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      44
      ·
      9 months ago

      But why take a chance? It’s easy for anybody who’s truly interested to fork it, and if you’re calling it a day it’s all the same to you.

      The problem with endorsing someone else is that they inherit all the clout without having put their time in. Let them prove themselves.

      • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
        link
        fedilink
        arrow-up
        13
        ·
        edit-2
        9 months ago

        But why take a chance?

        This could be a simple answer as : I don’t wanna cause inconveniences to my users to a more complexe one such as… umm, ideological reasons… I don’t want to see a project I started get archived or taken down…

        Let them prove themselves.

        It’s a requirement…

        to me finding mainteners is part of what makes a FOSS project successful

        • hitmyspot@aussie.zone
          link
          fedilink
          arrow-up
          6
          ·
          9 months ago

          As I see it, there are 3 options.

          Allow forks and let community sort itself.

          Pass on to someone trusted, that ideally has been part of the project for a long time, or even the start.

          Have a fork that is officially endorsed.

          Depending on the software, different approaches may be appropriate. For something like this with VPN, I would want the fork to be vetted by the community before trusting it. If the original owner endorsed one, id probably update to it quickly but keep an eye on the community.

          If it was something with less security risk, id probably move quicker if features were added I like. With something like this, with higher risk, id be assessing forks and alternatives equally.

    • SzethFriendOfNimi@lemmy.world
      link
      fedilink
      arrow-up
      16
      ·
      edit-2
      9 months ago

      Lesson learned from the whole XZ thing. Anything related to security does run the risk of nation state actors abusing trust. Makes it hard to do right