Comment by franciscop 2 months ago
Want to just briefly mention, since the article doesn't mention it at all, the blatant conflict of interests:
> open source project maintainers are not being paid for their work, spend three times as much time on security than they did three years ago, and have become less trusting of contributors following the xz backdoor, according to open source package security firm Tidelift.
> Tidelift: Reduce security risk from bad open source packages
I don't think "conflict of interest" is the right term in this case.