Tootfinder

#TIL `volta` is unmaintained. The maintainers recommend migrating to `mise` 😩 https://github.com/volta-cli/volta/issues/2080

Volta is unmaintained; we recommend migrating to `mise` · Issue #2080 · volta-cli/volta
The volta maintainers recommend using mise. It is the tool that most of them use nowadays. They're working on getting an official statement out to that effect at some point. Until then, this pinned...

AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
Apparently reputation farming and running a openclaw consultancy
https://socket.dev/blog/ai-agent-lands-prs-in-major-oss-projects-targets-maintainers-…

Open source isn’t free. We’re just not paying for it: Who maintains the maintainers?
A lot of things don’t add up in the world of software. The skills gap remains stubbornly wide, with IT and data skills the hardest to recruit for five consecutive years. Yet, at the same time, entry level roles are declining as employers redeploy existing employees rather than hiring new ones.
🧑‍💻

Open source isn’t free. We’re just not paying for it
A lot of things don’t add up in the world of software. The skills gap remains stubbornly wide, with IT and data skills the hardest ...

RE: https://fosstodon.org/@mwb/116476124401887839
it's happening huh
I've kept silent for a long time b/c I hate throwing fellow maintainers under the bus, but the situation around httpx 2 (which is developed in private and has a focus on adding a …

OSS has always edged in this direction, sometimes awkwardly: please discuss your proposed feature, please talk with the maintainers first, please join our Discord or…something.
I think there’s a fear that “You have to talk to the maintainers first” is a kind of gatekeeping. But let’s be real here: the story of a stranger coming out of the blue and making a valuable contribution is already fiction as often as not. PRs languish; maintainers strain.
5/

The Linux Foundation announces $12.5M in total grants from Google and others to help FOSS maintainers cope with the influx of AI-generated security findings (Simon Sharwood/The Register)
https://www.theregister.com/2026/03/18/linux_foundation_ai_slop_defense/

Linux Foundation kicks off effort to shield FOSS maintainers from AI slop bug reports
: Big Tech donates $12.5 million to get things rolling

«AI Slopageddon and the OSS Maintainers»
– by console.log()
Good article about the use of AI in open source projects and the problems that arise from it, mainly for the maintainers of the projects.
🧑‍💻 https://redmonk.com/kholterhoff/2026/02/03/a…

AI Slopageddon and the OSS Maintainers
AI slop is ripping up the social contract between maintainers and contributors essential to open source development. Practitioners have been repeatedly assured that AI would supercharge their communities, but so far that hasn’t been the case. Just look at what happened last month. Mitchell Hashimoto’s Ghostty implemented a zero-tolerance policy where submitting bad AI-generated code

We all know the fantasy trope of our hero meeting the aging keeper of some ancient relic essential to the plot.
Today these are the maintainers of production software installations. Or maybe it's more like Teshigahara's Woman in the Dunes 😅
https://youtu.be/7kX4h_sEBiI?si=4qGK6BqWhmNm2l_x

'Linux lays down the law on AI-generated code, says yes to Copilot, no to AI slop, and humans take the fall for mistakes — after months of fierce debate, Torvalds and maintainers come to an agreement'

an attack on free software maintainers... https://glama.ai/blog/2026-03-19-open-source-has-a-bot-problem

RE: #maintainers of @…

AI bros are just loving open source — loving it to death... maybe quite literally! (Godot being latest popular example[1])
More and more projects are impacted by floods of bogus AI pull requests and resulting discussions, stealing precious time and nerves away from their maintainers doing actual productive work. More buggy and insecure software (incl. commercial offerings) due to slopcoding, more websites getting attacked daily by AI crawlers in desperate search for any new bits (liter…

I was reading the most recent @… WIP Wednesday and saw:
There are 2 release blockers for v1.1 currently, down by 2 from last week.
If I read those two release bl…

I think what irks me the most about the understaffed darwin (= macOS) maintainers situation in #nixpkgs is not only that it forces pure Linux users to look out for darwin quirks and thus invest a significant amount of time in darwin maintenance, but also that a significant amount of the business value of DetSys, Flox and similar

"Shambaugh gives his time to the open source ecosystem that underpins vast amounts of commercial software. He now has defamatory material indexed under his name. He will spend time managing the fallout. He bears the cost of someone else’s product working exactly as designed.
The agent’s owner bears none of it. OpenClaw bears none of it. The companies whose AI models power OpenClaw bear none of it."

The Machine That Cannot Be Wrong
On AI agents, open source maintainers, and the infrastructure nobody is watching

It feels like the open source world is fracturing. It used to be if we wanted alternatives to commercial software we could look to open source, but so much of open source software today is using AI.
Sure, some maintainers are saying "I only use it to speed things up, I still review all code before it gets added." but for lots of folks that's not good enough, and they draw a hard line at the use of any AI.
Are we looking at "open source" versus "open …

Security — 15 comment bubble on white
Cryptographers engage in war of words over RustSec bug reports and subsequent ban
Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much
🦀 https://www.theregister.com/2026/03/20/cry

Cryptographers engage in war of words over RustSec bug reports and subsequent ban
: Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much

Anthropic's Mythos adds to concerns about rising workloads for open-source maintainers, as many have already been dealing with a "crazy" number of bug reports (Chris Stokel-Walker/Bloomberg)
https://www.bloomberg.com/news/articles/20

Linus on point as always.
https://lkml.org/lkml/2021/6/10/957
(yes it's old, but I just found it haha)

RE: https://social.ayco.io/@ayo/116269259048212523
My 2 cents:
- Some (not all) maintainers have moved on to another platform. To regain interest, maybe implement AP on npmx, or revive Nimbus/tsky within Elk as an AP AT client?
- Elk is more popular t…

Oh, #GitHub is empathetic to #OpenSource projects impacted by all the #AI slop. They're willing to help, right?
#Copilot even once, and of course they're not going to let people actually block this piece of shit.
#LLM #NoAI #NoLLM #hypocrisy #Microsoft

Managing AI is as simple as that: Use it at your risk, and be transparent about it
https://www.tomshardware.com/software/linu

Consider these points the thread makes:
- Maintainers can't trust submitters have properly reviewed code
- so review burden increases
- and submission success rate decreases
- OSS is thus in deep trouble
- and though LLMs are the catalyst, trust issues are the root problem.
That sure paints a picture — one that rings true to me.
2/

Looks like AI has become the next avenue where ppl seem to think it’s cool & normal to verbally abuse others; including but not limited to calling maintainers idiots or other more or less subtle insults for dealing with the slopocalipse in ways that doesn’t entirely align with their belief system.
I don’t know what you THINK the outcome is but I can tell you what the outcome IS: ppl actually dealing w/ this shit feel even worse & we will remember who did it and who boosted it.

Vibe Coding Is Killing Open Source Software, Researchers Argue
‘If the maintainers of small projects give up, who will produce the next Linux?’
Vibe Coding Is Killing Open Source.
According to a new study from a team of researchers in Europe, vibe coding is killing open-source software (OSS) and it’s happening faster than anyone predicted.
💻

Vibe Coding Is Killing Open Source Software, Researchers Argue
‘If the maintainers of small projects give up, who will produce the next Linux?’

Vibe Coding Is Killing Open Source Software, Researchers Argue https://www.404media.co/vibe-coding-is-killing-open-source-software-researchers-argue/

«Partnering with @… to improve Firefox’s security
AI models can now independently identify high-severity vulnerabilities in complex software. As we recently documented, Claude found more than 500 zero-day vulnerabilities (security flaws that are unknown to the software’s maintainers) in well-tested open-source software.»
I am not an AI fan but with suc…

Partnering with Mozilla to improve Firefox’s security
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.

«Partnering with @… to improve Firefox’s security
AI models can now independently identify high-severity vulnerabilities in complex software. As we recently documented, Claude found more than 500 zero-day vulnerabilities (security flaws that are unknown to the software’s maintainers) in well-tested open-source software.»
I am not an AI fan but with suc…

The key takeaways from the early part of the #chardet thread (I didn't read beyond the ~30 first comments, I have my limits).
1. People there love cosplaying lawyers. Except when the other side also starts cosplaying lawyers, in which case they suddenly divert to suggesting asking professional lawyers.
2. Almost nobody there is concerned with ethics or morality.
3. There's a lot of GPL haters there. Like, they seem the kind of people who don't really care about licensing at all, just used MIT in their projects because it was cool and they heard something about license incompatibility and now bash at everything that's (L)GPL.
4. People don't get that LLMs are statistical models and can't build anything from the ground up. All they can do is remix, which implies they use existing code for inspiration.
5. The maintainer who did the rewrite is a total asshole, and is perfectly aware of it.
Honestly, I'm truly waiting for the subsidizing to end and companies start charging obscene amounts for the use of LLMs. Of course, the reality is that we're totally fucked. We have a lot of projects that adapted a lot of #slop, and people who are being increasingly addicted to this shit. The moment they can't afford it, we'd be left with lots of broken code nobody wants to maintain.
And I definitely don't want to put my effort into packaging crap if its maintainers don't even bother trying.
#AI #LLM #NoAI #NoLLM