Jon Masters is a kernel hacker who’s been involved with Linux for over 22 years.
"I wanted to take a moment to discuss the broader implications of the XZ attacks involving maintainer burnout. The XZ library had a single maintainer for years, one who (by their own admission) was experiencing a tough moment, causing them to feel real burnout. As a result, patches were languishing and releases were not as regularly finished.
All of a sudden, an apparent well-wisher named Jia Tan appeared and began making useful contributions. Eventually, other ‘people’ put pressure on the maintainer to accept them as a co-maintainer. So it was that this ‘actor’ was able to exploit a maintainer to gain control over a project.
What’s lost in all of the discussion about the fallout and consequences is that this is just one of the bullying tactics applied to gain leverage over an open source project. This is far from a new phenomenon. Look around for a few minutes and you’ll find similar bullying tactics elsewhere, used to force maintainers to hand over control. If we are to move beyond the XZ moment, we should also consider reforming other aspects of how our communities operate, including how we handle pester efforts by folks to force maintainers to do things they would not otherwise do."