(lwn.net)

276 points jwilk | 1 comments | 25 Jun 25 19:36 UTC | HN request time: 0.249s | source

Show context

throwaway2037 ◴[26 Jun 25 05:38 UTC] No.44384478[source]▶

    > ...there are currently four bugs marked with the security label in the libxml2 issue tracker. Three of those were opened on May 7 by Nikita Sveshnikov, a security researcher who works for a company called Positive Technologies.

I'm confused. Why doesn't Positive Technologies submit a patch or offer to pay the lead maintainer to implement a fix?

FYI, Wiki tells me:

    > Positive Technologies is a Russian information security research company and a global leader in cybersecurity.

replies(5): >>44384500 #>>44384649 #>>44384997 #>>44385563 #>>44389020 #

1. flomo ◴[26 Jun 25 07:17 UTC] No.44384997[source]▶

>>44384478 #

Perhaps you are imagining some free software bong(o drum) circle?

The big point is this is a critical component for Apple and Google (and maybe Microsoft), and nobody is paying any attention to it.

↑

Libxml2's "no security embargoes" policy