Unpaid FOSS maintainers and security - stop the madness
Publishing date: 2025-06-18 10:30:00 +0200
So. The author of that post concerning libxml2 [1] is
totally right. This must stop. Corporations do nothing but
moan about vulnerabilities. Or pay bounties for finding bugs,
rather than for fixing them. It's madness!
I am fully with the author of that issue. For the fun of it,
I just did a `dnf repoquery --whatrequires libxml2` on my
Fedora system and wasn't really that surprised by how many
packages depend on libxml2. Some highlights include
postgres, PHP, Apache modules... if I were responsible for
my company's IT infrastructure, and if I didn't start to
be concerned now, then I should probably become a gardener.
Remember the OpenSSH funding trouble ~10 yrs ago? Same
again. 🦗🎵
[1]: Triaging security issues reported by third parties