GNU social JP
Conversation

  1. Evan Prodromou (evan@cosocial.ca)'s status on Monday, 01-Apr-2024 03:05:02 JST

    Here's my main takeaway from the #xz crisis: require GitHub contributors to have a verified fediverse account in their profile links, and use it to find out what their actual reputation is.

    • Evan Prodromou (evan@cosocial.ca)'s status on Monday, 01-Apr-2024 05:56:25 JST, in reply to ClickyMcTicker

      @ClickyMcTicker why's that?

    • ClickyMcTicker (clickymcticker@hachyderm.io)'s status on Monday, 01-Apr-2024 05:56:26 JST

      @evan Absolutely not.

    • Evan Prodromou (evan@cosocial.ca)'s status on Monday, 01-Apr-2024 06:05:06 JST, in reply to hambier

      @hambier do you use other systems, like LinkedIn or letters of reference, when doing professional work?

    • hambier (hambier@mastodon.opencloud.lu)'s status on Monday, 01-Apr-2024 06:05:07 JST

      @evan So if I'm contributing to some project (occasionally in my case), I'd be required to also use social media under that same identity?

      I find that thought disturbing to be honest. Social media is often personal or political and there are lots of good reasons to do it under a pseudonym. But my contributions are under my real name out of a vague feeling of respect and transparency.

      IMHO it would be a very strong barrier. First creating an online profile just to fix some bugs yourself?

    • Evan Prodromou (evan@cosocial.ca)'s status on Monday, 01-Apr-2024 06:10:00 JST, in reply to Benjamin Fry

      @bluejekyll yes; they also used sock puppet accounts to pressure the maintainer into getting more co-maintainers.

    • Benjamin Fry (bluejekyll@hachyderm.io)'s status on Monday, 01-Apr-2024 06:10:01 JST

      @evan this sounded like a fairly sophisticated attack, hadn’t the contributor been submitting patches for like 2 years before this? Given that level of commitment, probably would have gone through similar lengths on social media.

    • David Somers (omz13@mastodon.social)'s status on Monday, 01-Apr-2024 06:12:12 JST

      @evan A nefarious actor will simply juice their “verified fediverse account” with “reputation” (whatever that is). The #xy crisis seems to be a long-term play.

    • Evan Prodromou (evan@cosocial.ca)'s status on Monday, 01-Apr-2024 06:12:12 JST, in reply to David Somers

      @omz13 reputation means that you and I have connections in common that I can ask about you and what kind of contributor you are.

    • Scott Sweeny (ssweeny@fosstodon.org)'s status on Monday, 01-Apr-2024 06:16:31 JST

      @evan Can't accept your PR. Not enough wuffie.

    • Evan Prodromou (evan@cosocial.ca)'s status on Monday, 01-Apr-2024 06:16:31 JST, in reply to Scott Sweeny

      @ssweeny I know you're joking, but I also think that there is a difference between accepting PRs and making someone a co-maintainer. If you were hiring someone for that job, you would check references.

    • Evan Prodromou (evan@cosocial.ca)'s status on Monday, 01-Apr-2024 10:53:22 JST, in reply to Dr. Brandon Wiley

      @brandon with GitHub, you can link to a fediverse account, and if you link back, the identity is "verified". The same person controls both accounts.

    • Dr. Brandon Wiley (brandon@mastodon.blanu.net)'s status on Monday, 01-Apr-2024 10:53:35 JST

      @evan What does "verified" mean in this sentence?

    • Evan Prodromou (evan@cosocial.ca)'s status on Monday, 01-Apr-2024 13:20:48 JST, in reply to David Somers

      @omz13 Using fediverse mutual connections as a signal is better than nothing.

    • David Somers (omz13@mastodon.social)'s status on Monday, 01-Apr-2024 13:20:49 JST

      @evan Programmers are lazy/busy and barely have time to read the README file, let alone do due diligence on a package they’re importing. Plus, if we have connections in common, asking for any kind of reference is IRL highly dependent on personal whims and vendettas (and comes with no guarantees). For #xy it seems there were other actors “vouching” because nefarious actors will “juice” where needed: build their own network of connections to appear genuine to aid their agenda.

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.