So .us is more trustworthy than .com. Good to know.
Im one of those that think that developers are hiding too much, which makes things like vs code extension viruses rampant.
I wont force you to not be anonymous, but if you are going to run your software on my device I want some accountability. Our salaries should also reflect that.
So far I haven't encountered a single actual virus, and if you're referring to the recent Material Theme debacle, there was never any malicious code involved, only third party libraries with obfuscation.
> So .us is more trustworthy than .com. Good to know.
Be careful about concluding things like that.
The TLD has a requirement that you publish your info. That doesn't mean they have any way of verifying it. If someone could prove that the info was false then they might lose the domain, but they also lose the domain if someone can prove that they're operating a scam. So the scammers just make up fake info and all the requirement is doing is impacting the privacy of honest people who want a .us domain.
I think I understand your point, but your wording leaves some ambiguity. If I am running my software on your device you must be a cloud provider. In that case, the accountability you are looking for is probably not provided in the same way it would be if you were running my software on your device.
Either way, your aversion to anonymity of developers is interesting. It's a discussion for a different thread, but I think an important one.
It would be nice to find such a thread. This is a pet peeve of mine.
It’s one thing if you have a PO Box, and it’s consistently used in your various documents and registrations. I get wanting a firewall to direct availability.
But if I can barely find evidence you exist other than your software, or if you operate a fairly large scale service and you haven’t filed a yearly required corporate report (a specific example I recently came across), then those are red flags to me. Not immediate showstoppers necessarily, but if you’re trying to get me to make a purchase, I probably won’t.
It’s fine if you have domain privacy turned on, but you’re selling me software or services you have got to offer some kind of evidence that you have some kind of business nexus someplace. In a business context, I’ve got to know that for avoiding sanctions violations at the least.
A lot of effort has been spent studying trust. I'm not clear how a PO Box creates trust.
How do you trust that food from McDonalds is safe? How do you trust that Samsung hasn't empowered parties to control the mic on your phone? How do you trust Wells Fargo to hold your deposits? How do you trust the kennel to walk your dog?
Trust is really really hard. So a lot of people choose to adopt a zero trust philosophy.
Except they still eat at McDonalds and buy Samsung and bank at Wells Fargo. But they drop their dog off with Aunt Lawana now, instead of the commercial kennel.
Do you remember when Sony installed rootkits? Do you remember when Windows got compromised every 5th day for two years straight? Do you remember when HP broke every HP printer with a firmware update? Do you remember when the whole world got put on pause because an "anti" malware software pushed a flawed update? Do you remember when a certain credit-rating bureau got breached and exposed the PII of, well, everybody?
Do you remember that every one of these companies went on to post record profits?
Im one of those that think that developers are hiding too much, which makes things like vs code extension viruses rampant.
I wont force you to not be anonymous, but if you are going to run your software on my device I want some accountability. Our salaries should also reflect that.
Im sure that this will be unpopular though.