The OSS community has yet to come to grips with “Companies with $50 million in the bank send an incredible volume of support requests to people who are worried about making their $600 rent, and the community and culture in OSS makes this feel normal.” https://twitter.com/devonzuegel/status/1067497894394028032 …
People want someone to blame for this security incident, and while I sympathize with that emotional desire, folks wouldn’t be fulminating nearly as much if (non-responsible) engineers were getting paid $200k and ate at the same lunchroom.
It’s a really curious sociological thing that the fact that folks are exploiting the OSS devs here, and I’m not choosing that word lightly, is what gives them social permission to hold their own engineering practices blameless in the process of doing the exploitation.
I did consulting for a number of years. You know what happens if someone discovers a bug in the general vicinity of one of my 2012 consulting deliverables? Nothing happens, because everyone involved is a professional. They pay someone to fix the code they bought for $X0k.
In the very unlikely event that they were to say “Oh hey Patrick we have discovered a security vulnerability here... I know you’re probably busy what with working at another company, but could you drop everything to fix it?”, I would politely and firmly point to the MSA and SOW.
(Contracts which define the relationship between a consultant and their client viz things like Acceptance Criteria, and which are very unambiguous about “After you’ve accepted a deliverable this work is *over.* If you want more work, enquire about rates and availability.”)
As you know I'm in 100% agreement. I do think while there's a lot of cachet to being, say, the company that employs Guido or Rob Pike, it's a much harder social sell to employ the author of left-pad, despite them all being foundational
Yeah, for the below-the-line stuff I’m happy with folks just writing checks rather than offers. (The world’s upside down where leftpad is important enough to cause an incident in thousands of companies and simultaneously those companies are unwilling to write it a $1,000 check.)
Sounds radical. But it is the only reasonable solution.
Can you and a few others from the, say, Microconf community keynote all FOSS events for 3 years? That should fix it.