downrightmike parent
I can't believe that long gone maintainers still had root access, or any access at all to the core platform. Its has been wild to see ruby community members getting upset with modern and established security norms, for a platform that runs a lot of the web. Its not 2006 anymore, and we aren't just running random curl commands off the net to get rails installed. Scary to think how naive the backlash has been. Having an unmaintained security posture that is inherently insecure, just blows my mind. That supply chain was wide open to attacks, may still be, but at least someone tried to bring security up to this decade.
Trying and doing aren’t the same thing. I’ll take competent community members over incompetent leadership any day of the week. And I am right to think so, seeing how they entirely bungled even kicking out the people they wanted kicked out. They literally had their first security incident at second zero of their attempt to “bring security up to this decade”.