A Proposal For The FOSS Community

[Verity1998]

A plan to fix the critical FOSS infrastructure problem;
My name is Ben, and I have an idea that could permanently fix the internet's FOSS project foundation problem, an issue that is threatening civilisation as we speak.
I suggest temporarily removing an important package that millions of websites or software rely on to run.
You can then tell companies like Microsoft, Apple, Google, Meta & others that if they want their packages back, they must look into the FOSS foundation problem and support FOSS projects so there won't be any more incidents (no more XZ Utils backdoors, no more Log4Shell, no more Heartbleed, nothing)
Send them this: https://x.com/CorpseLeague
This account has the information they need to know about the catastrophic consequences of this problem. They have got to know what they rely on and we cannot continue to do nothing or more incidents will happen. This will make a lot more people think about how important open source is for the internet and how the world's governments need to watch out for them.
We rely on the internet and our digital infrastructure for hospitals, charities, donations and so much more for our everyday lives.
To simplify what I am saying, here are the ways that civilisation can collapse from the FOSS foundation problem;
A. the package of a FOSS project being deleted after it's reached its end of life (like npm, FreeBSD & zlib, which are important for online services & gaming consoles)
B. the lack of manual maintenance in more complex FOSS projects like core-js & the tz database causing almost all our world's infrastructure to eventually break (Dennis Pushkarev and his supporters are backing this logic up; https://www.reddit.com/r/programming/comments/111k9aq/corejs_maintainer_so_whats_next/)
C. new maintainer incompetency leading to a mistake in coding which leads to everything relying on the affected project breaking
D. a bug in an update to a crucial FOSS project that will break everything relying on that project (Dan Kaminsky fixed a bug in the internet's Domain Name System that could have easily crippled the internet in 2008; https://www.darkreading.com/application-security/black-hat-flashback-dan-kaminsky-saved-internet), or…
E. another Log4Shell that will actually succeed in destroying our internet.

We can fix this problem for good if we do this.

[avivkeller]

You cannot simply “remove” Node.js. It’s open source software, distributed globally across mirrors, forks, operating system package managers, container registries, and enterprise caches. The very design of OSS means no single individual or group can yank it away once it’s released.

Even if Node.js were somehow “removable,” we would never sabotage the ecosystem just to make a point. That would violate the trust of millions of developers and undermine the very principles that make open source work in the first place.

[avivkeller]

I also highly suggest you stop spamming this content throughout popular projects, it's certainly wasting our time, and will only result in negative sentiment towards any future issues you may open.

That being said, if you'd like contribute meaningfully to this project, or any others, to perhaps improve FOSS via collaboration, please be my guest.

[Verity1998]

It has become difficult to reach out in other ways. I unfortunately had to resort to this.

I apologise for any disturbances. I hope you still understand the severity of the issue — I’ve gotten the information to a UN member.

[ljharb]

The issue is severe. Your solution would cost hundreds of millions of economic damage, while torpedoing the reputation of an open source maintainer, and would solve precisely nothing, as everyone would just pin or move to an alternative.