Quick update: talked to my boss and he’ll be moving it “soon”. I think I’ll just wfh for the rest of the day.
Update 2: my boss apologized and moved the printer and resins out. 😊 I popped by after work tonight and it still smells but it’s not bad now.
I look at the contributors on Github and check them out. I’ll check out what else they’ve worked on and maybe see if they have an account on mastodon or twitter. Maybe I’ll ask some friends if they’ve used or heard of the product, or know of the devs.
There is indeed malware disguised as OSS and you do sometimes have to vet them. I’ll skim the codebase and see if there’s anything that looks weird or funky, but that’s not perfect (like in the case of the xz) and some stuff can slip by.