(lwn.net)

277 points jwilk | 1 comments | 25 Jun 25 19:36 UTC | HN request time: 0.258s | source

Show context

JonChesterfield ◴[25 Jun 25 22:25 UTC] No.44382335[source]▶

This is an alarming read. Not so much the "security bugs are bugs, go away" sentiment which seems completely legitimate, but that libxml2 and libxslt have been ~ solo dev passion projects. These aren't toys. They're part of the infrastructure computing is built on.

replies(5): >>44384388 #>>44384598 #>>44384778 #>>44385323 #>>44385522 #

1. stavros ◴[26 Jun 25 08:20 UTC] No.44385323[source]▶

>>44382335 #

You got the timeline wrong: libxml2 has always been a solo dev passion project, then a bunch of megacorps used them for the infrastructure computing is built on. This is on them.

↑

Libxml2's "no security embargoes" policy