Of course if there were a large company maintaining XZ Utils then that would dramatically mitigate the cyber risk, but isn't this the default economics of OSS?
Approaching it from the point of view of "it's obviously unjust and stupid that people voluntarily offered their software for nothing" without questioning the prior seems a bit short-sighted.
If you want to say "no one should use OSS because of the cyber risk", you might be right. But then what should replace it? What's the proposal?