Exploring the Risks of Single Maintainer Dependencies with John McBride

Today I sit down and chat with John McBride, senior software engineer at VMware. We begin by talking about John’s address at KubeCon, “Risks of Single Maintainer Dependencies and How to Mitigate Those Risks.” We discuss the definition of security and then John identifies some of the other non-security risks posed by single maintainer dependency. We talk a little bit about mitigating the risks and about building trust and community around single maintainer projects. We conclude our time by speculating on the extinction of single maintainer dependencies.

Highlights:

  • John introduces himself and talks about his interest in mitigating the risks of single maintainer dependencies (00:55)

  • We have a conversation about the definition of security (4:54)

  • John talks about the other, non-security risks of single maintainer dependency (10:00)

  • We discuss how to mitigate the risks of single maintainer dependency (12:04)

  • John talks about building trust and building community around single maintainer projects (16:48)

  • John answers my question “Do you think being a single maintainer is ultimately an anti-pattern, a non best practice?” (23:56)

Links:

John

Chris Hill