OpenJS immediately flagged the potential security concerns to cybersecurity and infrastructure security agencies within the United States Department of Homeland Security (DHS).
I wonder why they turn to the USA for help. Their 3-letter agencies have even longer records of trying to secretly undermine public IT infrastructure.
FOSS Maintainers ARE infrastructure.
China, Russia, Iran, Korea, and others are attacking US infrastructure, and US industry has heavily leveraged the FOSS architecture because of the “free” part.
For the most part, these maintainers are private individuals. Their projects are subject to an obfuscated popularity contest.
You make it sound like this would be an everyone-against-the-US scenario. Even the NSA has been caught trying to weaken cryptographic implementations.
Everyone (including the US!) fucks with infrastructure for their own perceived gain.
I’ll cop to being a bit too parochial (and US-centric) with my statement. The FOSS maintainer community is clearly an international one, and this is a multinational issue.
I’m also well aware of how our US domestic agencies have leveraged their position over key portions of Internet infrastructure over the years.
Mainly I was expressing my frustration and concern about individuals vs. nation states and organized efforts to undermine code bases. It came off ham-handedly, but I stand by the sentiment.