Yes, a forum of people interested in software development might care that most new repositories created on the most popular website for sharing open source code will end up spoofed and sharing malware?
As I wrote in this issue, I am exhausted. Microsoft has plenty of money to handle issues like this and chooses not to do so. I have spent hours now reaching out to GitHub in vain, tracking down people affected, and trying to figure out how to get someone to give one single flying fuck.
So what the hell. Let’s make the CISO’s slideshow intro to GitHub popular.
Thanks, I just find it wild that Microsoft appears wholly uninterested in policing what seems like a huge legal liability to their business. I’ll start reaching out to as many journalists as I can with what I’ve got. They seem a little overwhelmed from the two I’ve already reached out to.
Edited to add: I’ve also been hoping that I could avoid giving the attackers too much of a heads up, but at this point the risk is higher that nothing gets done about it at all.
I'm also curious about this. We were accepted into Stripe Atlas but too late – we ended up forming our company while on the waiting list and couldn't partake.
Does this mean you're also hoping to expand into Delaware PBCs, too? Lots of open source projects are considering this approach due to a combination of poor response to open source nonprofits from the IRS and flexibility in figuring out their funding sources. There's only trivial differences to a C Corp in terms of filing.
I'd been planning to reach out to Stripe about this when it made sense; I probably should've just emailed you! We're advising folks we're bringing onto our Stripe Connect platform as managed accounts to go use Stripe Atlas where possible, but plenty have voiced support for having B Corps be part of that happy path.
Honestly, I might even just pay a lawyer at some point to open up some standardized set of docs for this.
Do you hope to have any way for Connect platforms with managed accounts to more directly refer people into Atlas? Having an API for the application process would be amazing.
Code Corps is intended to be a place to find and volunteer for open source projects you think are worth whatever free time you have. For maintainers, we'd like to make scaling your community trivial: acquire and retain volunteers, onboard newcomers, recommend the right tasks to the right people, and fund your operations.
As an aside, I'm kind of curious how others feel they fare on building new projects. Do you feel slow? I worry constantly about how quickly I'm moving relative to peers.
Stripe did introduce Stripe Atlas. Although this doesn't solve the situation totally, it's at least one of a number of helpful steps in the right direction.
Does anyone have resources on how one should design their changes to run side-by-side? I have not been at large companies and don't have the advantage of institutional knowledge to help here. Book, articles, and practical examples would be fantastic.
And since it's often hard to generalize, I work today with Elixir and Postgres. Anything specific around this stack would be exceptional.
Do you mind sending me an email sometime? You can find one in my HN profile. I'm really curious to hear about what you've done to find maintainers and how you've thought about tackling the fundraising issue.