Of the xz/liblzma backdoor incident.
Malicious account holders with a long-term goal need to build reputation. It doesn't matter much that such an app isn't a dependency of other software.
This is how one attracts and invites Jia Tan and Hans Jansen types.
First choice GIMP. Then, digiKam has an image editor that provides a number of tools. Not as detailed and sophisticated as GIMP but does most things needed.
Meh, not available in Android versions :-/ You could disable deletion of cookies and site data, and use the Cookie AutoDelete Add-On to delete cookies and data (you'll have to enable that once) and add sites you want to keep there in the whitelist while you are visiting them.
When clearing Cookies and Site Data, under Manage Exceptions add the URLs of the web sites you want to keep data for, i.e. Allow.
RCE CVEs are a thing.
It's probably sufficient to be able to take over the browser remotely.
Lol, "the only way a team can effectively use TOTP", really? Many paid PWMs doing it already isn't a good excuse.
It's enough if they have access to the browser.
I don't have much to add to the edited version of that comment in that topic there: https://lemmy.ml/comment/8930011
Making one a maintainer (with merge and possibly even direct commit/push permissions) is handing them a key to the kingdom. Recruiting a maintainer out of the blue without them already being a contributor and long-term participant in the project is questionable.