California! Uber Alles!

The takeaway here

Open source has not failed us, we have failed open source. The xz backdoor revealed not a broken development model but a broken economic model, one where we socialize the costs of critical infrastructure while privatizing the benefits. The attack succeeded not because open source is vulnerable, but because we’ve made open source maintainers vulnerable by systematically underfunding the human infrastructure that creates the technical infrastructure we all depend on.