this post was submitted on 08 Jun 2026
45 points (95.9% liked)

Opensource


We will no longer accept public pull requests. From now on, code changes to the Ladybird codebase will only be introduced by project maintainers.

[–] devaly@ani.social 4 points 2 days ago (2 children)

Doesn't make sense... This premise seems flawed by two aspects:

  1. The maintainers can introduce vulnerabilities unknowingly themselves
  2. They should only merge patches that they fully understand

It feels like they are not capable of detecting a vulnerability when they see one, meaning that they themselves can potentially introduce tons of new vulnerabilities unknowingly.

In this situation it would be for the best to have a large pool of contributors capable of detecting such issues, instead of closing it even further.

[–] kilgore_trout@feddit.it 5 points 3 hours ago

  1. The maintainers trust each other as real people with some decent work ethics
[–] ExLisper@lemmy.curiana.net 24 points 2 days ago

They are worried about vulnerabilities that are introduced knowingly. They said that in the past you could trust that if someone spent months writing code for your project, he did it in good faith and not to sneak a backdoor past you. Basically, they assumed a hacker would not invest months of work trying to add a bug to an open source project because it's just not worth it. Now, because of AI, someone can easily create a big PR with a hidden bug hoping that it will get merged.

I have no idea how true it is (i.e. if AI is able to generate a big PR that will pass all the checks and get approved) but logically it does make sense.