I’ve not built anything beyond simple scripts in rust but I’m looking at some of the cosmic codebase to see what I can do.

I’ve been programming for too long, my brain just autocorrected the typo so initially didn’t get the joke…

Again, this existed before AI. Typo squatting, supply chain attacks, automated package uploads, CI pipeline infection, they’re all known attack vectors. That’s not to say this isn’t a concern, just that it’s a known risk and the addition of “AI” doesn’t, to my eyes, increase that risk. If your SSH keys don’t require a password, you have taken the decision to make those keys less secure but more convenient to use. That’s pretty much always the tradeoff in security.

The risk here is slightly overblown or misrepresented. Just because a fork exists doesn’t mean that anyone has even read it, let alone run it on their system. For this to be a real threat they would have to publish packages with identical or similar names (ie typo-squatting) to public package repositories which this article didn’t have any information on but which is a known problem long before AI. The level of obfuscation and number of repos affected is impressive but ultimately unlikely to have widespread impact to anyone besides GitHub.

Personally I rename them to something meaningful and they get merged if there are no other references. PayPal is especially bad for completely meaningless rubbish in the payee field and they tend to be ad-hoc purchases so I don’t fiddle with them much. The category is the most relevant bit for me.

I think for most people it’s whatever you got used to first. I agree the hatred the GUIs get is overblown. I would always recommend people learn the command line but if you want to use a GUI, go for it, doesn’t affect me unless your commits are bad, in which case the CLI wouldn’t have helped anyway.

I’ve heard the argument as a positive of learning vim and while it did finally force me to touch type I can’t say that it had any impact on my programming speed.

I agree with those saying mailing lists are intimidating. I don’t know if others are using dedicated tools or something but I find web based mailing list UIs just incomprehensibly bad and difficult to navigate.

I’m curious, why did you switch from plug? I keep seeing new plugin managers pop up but plug has been solid for years for me.