by beejiu 3481 days ago
I think it works both ways, too. Unfortunately there are some developers that take any form of criticism as negativity.

Some time ago I discovered a major XSS security vulnerability in a very popular WordPress plugin (used on over 100,000 blogs). I notified the author and got it fixed, and published a blog post about the issue 12 months later. The article itself was entirely factual and described the nature of the issue, how I discovered it and what the fix was. Unfortunately, the author took this as a personal attack (the email he sent me made that clear) and I decided to take the post down.

The thing is, I had actually spent many hours going through every single line of code to look for other security vulnerabilities. Sure, I hadn't written any code, and I wasn't the maintainer, but it was still an "open source contribution" in some sense.

2 comments

I can't read the article so it's hard to say. But if it was just about the security vulnerability and you weren't calling their software shit, then that's not what I'm trying to cut away at and I'm not sure why the author took it so personally.

Did you consult the plugin author before blogging about the vulnerability? Is there a reason why you blogged about it a year later? I am guessing that you waited until the old version of the plugin wasn't (widely) used any more.