They announced grassroots donations for 10% of the total. That’s good, but still short of where it should be for something so popular.
I think of it like crime or natural disaster: a PyPI compromise could easily cause economic damages on the order of a bad storm or small terrorist attack. Collectively we spend billions trying to mitigate those societally rather than telling each person to defend themselves, and this feels like the same idea adapted to a different context.
I think of it like crime or natural disaster: a PyPI compromise could easily cause economic damages on the order of a bad storm or small terrorist attack. Collectively we spend billions trying to mitigate those societally rather than telling each person to defend themselves, and this feels like the same idea adapted to a different context.