(twitter.com)

104 points trollied | 1 comments | 01 Nov 25 20:59 UTC | HN request time: 0s | source

Show context

PaulKeeble ◴[01 Nov 25 21:46 UTC] No.45785696[source]▶

"Just send patches" is I think the main point. Rather than just reporting security bugs these big organisations ought to start seeing the point of open source being that can and should be contributing if they value the project and need this fixed because its a pretty obscure problem generated by AI.

replies(4): >>45785935 #>>45786972 #>>45788047 #>>45789281 #

bawolff ◴[02 Nov 25 05:34 UTC] No.45788047[source]▶

>>45785696 #

I think that is a little entitled. They should be happy google isn't just straight up emailing full-disclisure.

The person who makes the software has the duty to fix the security issues in their own code, nobody else, no matter how big they are.

replies(9): >>45788126 #>>45788148 #>>45788195 #>>45788490 #>>45789829 #>>45791054 #>>45791689 #>>45792479 #>>45792591 #

1. thatguysaguy ◴[02 Nov 25 06:00 UTC] No.45788126[source]▶

>>45788047 #

It's a volunteer run project... Saying that they have a duty to do anything other than what they want is quite strange.

↑

FFmpeg dealing with a security researcher