When Responsibility and Power Collide: Lessons from the RubyGems Crisis

mensfeld.pl

7 points by aestetix 3 months ago · 4 comments

steve_gh 3 months ago

Could someone with more legal knowledge than me perhaps explain what the legal situation around open source software, and ownership of OSS, is?

Every open source licence basically says that the software is provided "as-is" - so I don't understand where RC's legal liability would be.

If a court decided that RC had some legal liability in the event of a software supply chain attack, what redress would the plaintiff have? Could owner rights to a github repository be considered an asset and awarded to the plaintiff if RC was bankrupted?

turtleyacht 3 months ago

Seems like governance is a corporate force that gives us meaning. Maybe we will find projects so large reflecting a hierarchy of accounts are themselves organisms that cannot but survive.

Distributed repositories enable any contributor to supply infra, although that comes with its own challenges. Huge time sink to maintain that, per person, constantly.

Losing access because of centralized management is not one of them, though.

steve_gh 3 months ago

Finally, a grown-up in the room!
