Hacker News

I think I agree with the author that this is potentially a slippery slope. 2FA alone is a great idea (passwords are one of the worst inventions in human history), but it only protects against one supply chain attack: having your password guessed. What happens when you say "fuck everything" and upload intentionally broken code? We're going to need a mental health assessment. What happens if you're in debt and someone pays you to upload broken code? We're going to need a background check. What happens if malware modifies the code you upload? We're going to need to run this antivirus software that sends all the files on your workstation to our Corporate Overlords. I mean, if you don't agree with all of that, are you really SERIOUS about being a software engineer in your spare time?

The intersection of hobbyists and corporations is a mess. At the end of the day, most people writing open-source software just wanted to scratch an itch. They could be doing anything they want in their free time, and their top choice is probably not to support some Fortune 500's infosec OKRs. It's important to balance modern security requirements with the fact that there is a human being on the other end who is not your employee.
