Can a Digital Commons approach reinforce open source software security?

April 24, 2024

The recent discovery of the XZ utils backdoor has been widely discussed in the open source and cybersecurity communities. It has highlighted the challenges faced by a system whose maintenance relies heavily on volunteers. A growing number of experts are calling for these challenges to be addressed through increased public support, similar to what the Sovereign Tech Fund is doing in Germany, or our proposal for a Public Digital Infrastructure Fund.

Together with our partners in the NGI Commons Consortium, we just published a blog post arguing that this support must uphold and strengthen the core principles on which most open source projects rely, such as collaboration, freedom of use, and standardization. We therefore believe that more deliberate governance of key open source software packages used as Digital Commons in security infrastructure could help to codify community norms and overcome the problem of burnout that we saw at play in the XZ utils case.
