Maybe his intention was exactly to teach them not to trust open source in corporate usage?

He is making the open source community look bad. He is totally in his right to stop supporting his project if he is not happy with the way things are going, but sabotaging it only teaches that open source is not trustworthy, not that they need compensation. This following Log4j really makes open source look bad. I don't think GitHub should punish the guy, but they are probably just trying to protect themselves from getting sued. It would be a bogus lawsuit to blame GitHub, but things like that happen and sometimes the court makes the wrong decision. It's not like there are technology courts that have a clue.
Everyone has known for years that ad hoc OSS development is NOT best-practices security audited automatically. You actually need structure, qualified devs who actually target auditing this stuff. It's a no-brainer. WHY do you expect log4j to be security audited if you didn't freaking set something up to audit it?
This sounds like people don't understand what the tool is and what purpose it serves. If you want to use random crap from the internet, you take personal responsibility for the consequences. OSS without support is random crap on the internet.