30 Billion+ Devices. Their Maintainers Split 3 Ways on AI.
The curl maintainer said AI was drowning open source in slop. Nine weeks later, he said the opposite. Open source governance split three ways in one quarter.
Topic
Open Source
A collection of 114 issues
GNOME 50 Drops X11. The GNOME Foundation Drops Trust.
GNOME 50 shipped March 18 without X11. Three directors burned. 33% of staff cut. $105,000 on payroll. Fedora 44 and Ubuntu 26.04 LTS will deliver it next week.
Two Weeks of Fake Friendship. One Click. A Global Backdoor.
North Korea built a fake company to trick one developer. For three hours, a tool used by banks, hospitals, and governments carried a hidden spy program.
Billions Read His Code. 7 Days in Prison. No Regret.
Four agents. Evin's Ward 2A. Eight-hour interrogations. They wanted an informant on activists in three countries. He refused. Five years later, his code shipped.
The Field Is Optional. The Death Threats Were Not.
Fraudulent takeout orders. Mormon missionaries at the door. A Social Security number posted on an imageboard.
12.5 Million Downloads a Month. She's Never Seen Her Code on a Screen.
A visually impaired developer in Copenhagen maintains pypandoc, a top 1% Python package with 12.5M monthly downloads used by Adobe, Google, and Microsoft
95 Million Downloads. Poisoned by Its Own Security Scanner.
You never installed LiteLLM. CrewAI did. For 5 hours on March 24, every Python process on your machine was stealing your AWS keys, SSH credentials, and Kubernetes tokens.
Open Source & Linux Weekly - W13_2026
X11 died without a funeral. Canonical bets on post-quantum crypto and Rust. TeamPCP hacks four supply chain targets in ten days. Weekly OSS & Linux roundup.
Mozilla. WordPress. Now Manjaro. Open Source Keeps Dying the Same Way.
He fired the only person watching the money. Made himself treasurer. 2 years later, his own 50/50 business partner signed a public manifesto against him.
Every Line Looked Clean. The Malware Was Hiding in Characters No Editor on Earth Can Render.
You could stare at the infected file for hours and see nothing. The attack hit 200 Python repos, 151 JS/TS repos, 72 VS Code extensions, and 10 npm packages. A researcher traced 50 blockchain transactions spanning three months. Nobody noticed.