this post was submitted on 08 Jun 2026
49 points (96.2% liked)

Opensource

6212 readers
59 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
49
Changing How We Develop Ladybird (ladybird.org)
submitted 2 days ago by codeinabox@programming.dev to c/opensource@programming.dev
9 comments fedilink hide all child comments
 

We will no longer accept public pull requests. From now on, code changes to the Ladybird codebase will only be introduced by project maintainers.

you are viewing a single comment's thread
view the rest of the comments
[–] ExLisper@lemmy.curiana.net 24 points 2 days ago

They are worried about vulnerabilities that are introduced knowingly. They said that in the past you could trust that if someone spend months writing code for you project he did it with good faith and not to sneak a backdoor past you. Basically they assumed a hacker would not invest months of work trying to add a bug to an open source project because it's just not worth it. Now, because of AI, someone can easily create big PR with a hidden bug hoping that it will get merged.

I have no idea how true it is (i.e. if AI is able to generate a big PR that will pass all the checks and get approved) but logically it does make sense.