(lwn.net)

298 points jwilk | 1 comments | 25 Jun 25 19:36 UTC | HN request time: 0.202s | source

Show context

throwaway2037 ◴[26 Jun 25 05:38 UTC] No.44384478[source]▶

    > ...there are currently four bugs marked with the security label in the libxml2 issue tracker. Three of those were opened on May 7 by Nikita Sveshnikov, a security researcher who works for a company called Positive Technologies.

I'm confused. Why doesn't Positive Technologies submit a patch or offer to pay the lead maintainer to implement a fix?

FYI, Wiki tells me:

    > Positive Technologies is a Russian information security research company and a global leader in cybersecurity.

replies(5): >>44384500 #>>44384649 #>>44384997 #>>44385563 #>>44389020 #

1. codedokode ◴[26 Jun 25 05:43 UTC] No.44384500[source]▶

>>44384478 #

Because they have other things to do? Nobody pays them for fixing it too.

↑

Libxml2's "no security embargoes" policy