←back to thread

Libxml2's "no security embargoes" policy

(lwn.net)
278 points jwilk | 1 comments | 25 Jun 25 19:36 UTC | HN request time: 0.484s | source
Show context
zppln ◴[25 Jun 25 21:51 UTC] No.44382133[source]
Very sad read. Much of the multi-billion dollar project I work on is built on top of libxml2 and my company doesn't have a clue. Fuck, even most of my colleagues working with XML every day don't even know it because they only interface indirectly with it via lxml.
replies(3): >>44382162 #>>44383083 #>>44385618 #
1. ethan_smith ◴[26 Jun 25 09:19 UTC] No.44385618[source]
Companies should implement dependency audits that identify critical open source components and allocate appropriate support resources proportional to their business impact.