alt Hacker NewsNot necessarily. Orgs exist in GitHub, and it seems reasonable that if the $BIGCORP org limits membership to employees, you can automatically trust all members of that org. Because this way, if one steps out of line, you have both an escalation path (contact admins) and a stick (revoke trust in entire org).
Replies
bjackman • today at 4:29 PM
As a $BIGCORP member I don't think this would be a great solution. I suspect there are plenty of vibe coding PR spammers that work for my company. And the admins of the GitHub org would not really care, making it easy for staff to contribute to third party projects is nowhere near their top priority (and policing the behaviour of their org members outside of org-owned repos is not in their mandate even if they wanted to).
Allowing contributions only from big tech companies sounds ideologically questionable from free/libre software movement perspective, and it emboldens decisions which go against the user's interests, such as removing manifestv2 in Chromium.