Reiterating a thought I had the other day: most of us know devs who creep us out to the point where we’d feel unsafe alone in a room with them. But we also routinely trust those same devs to maintain OSS dependencies we rely on.
Which seems… sub-optimal at best.