2 comments

[ 3.9 ms ] story [ 24.4 ms ] thread
In the end, this could well end up being a good thing. We tend to trust our modules too much, and it kinda works because usually they aren't doing anything. Increasing the failure rate, so to speak, could force us to address the question of how to vet module changes.

It also seems inevitable. Without celebration of this fact, the zeitgeist is clearly shifting away from openness. We may not see a lot more malware but I'd be completely unsurprised to see continued fracturing and more people tying software licenses to ideological stances, in retaliation for the other software tied to ideological stances. While the HN gestalt may tend to bemoan the end result, the HN gestalt is largely in favor of the forces driving this effect, and it's not going to be very easy to have one without the other.

It's gonna be a heck of a mess, though. At least current licenses can be largely categorized into groups around what they require. How is one going to classify licenses based on the effectively-infinite variety of ideological stances a library author could require? Open source license validation services are going to get pretty complicated.

On one hand I also bemoan an over-reliance on modules, especially since they end up effectively black boxes since rarely do I see people checking the code to verify that they do what they say they do. On the other hand, what are we supposed to do if we can no longer trust open source libraries? Rewrite everything?

The point on ideology and licensing may be a bit premature though. The revision seems wildly unpopular, and was only source code, not licensing. I wouldn't be surprised to see fracturing in the future, perhaps.