I came across this blogpost regarding Mastodon. I would love to get your thoughts. This is from earlier in the year; the author's thoughts may have changed, but not likely. Some points make sense, others not so much.
It’s only a matter of time until there will be a CVE found in the official Mastodon software which will leave a vast majority of instances vulnerable.
PoC or shut your fucking face.
The cool thing about software is that it can be updated, so if someone finds a vulnerability and follows the proper CVE disclosure process, instance admins can just update immediately when it’s disclosed.
I guess it’s a little trickier because open source software can’t really say “fix a vulnerability that hasn’t been disclosed yet” in a commit message without disclosing the bug, and instances can’t just be silently updated before disclosure, but I’m sure there are other ways to handle CVEs that don’t rely on information obfuscation.
The article is basically a straw man. It sets up this assumption that Mastodon is doomed unless it can grow to Twitter scale and have celebrities on it, and so on. However, this supposition is completely baseless.
The only things Mastodon needs to thrive are having enough devs to maintain the platform, enough people to run instances, and enough users to generate content. All these things are already in place, and millions of people are using Mastodon today. It can exist in its current state indefinitely.
I think it’s important to recognize that open source has very different dynamics from commercial platforms. A company has to keep growing to make profit for the investors, and if it stops and loses funding then the platform goes away. This doesn’t apply to open source projects developed by volunteers who are doing it out of passion and personal interest.
Lots of projects like Linux are still very niche; this doesn't make them doomed in any way.