I admit to not listening to all of this video; listening to Luis could put a tweaker to sleep. However, from what I did listen to and from reading the description, I will say this of the xz utils hack: it is a wake-up call for open source. I suspect open source projects to be big targets for hackers of all kinds, and that state actors have already embedded sophisticated code into some projects to gain access to and monitor people's activities. It would surprise me if, for instance, the US CIA and Homeland Security didn't already have code embedded in most if not all Linux distros. If they don't, they're working on it now. Just my thoughts, but free software and free people are under attack from every direction; we must be vigilant.
> inserts packages into actually useful projects, creating megawebs of dependencies under the guise of compatibility
> "i really have to be careful about others inserting their own code man"
I'd argue it's partly due to the philosophy ljharb has and the combative nature of how he just doesn't want to drop compatibility with already dead engines or Node versions. He seems like a nice guy, but it doesn't help when his "best practices" are kind of made up and it never feels like progress can be made. Especially when one package is then pulling in 50 dependencies just to polyfill features that are part of the standard library of Node.