These projects aren't very glamorous to work for, plus when everyone's shitting on your work every day it's hard to stay motivated.
Anyone who works on systemd is doing difficult work. We should treat these teams better and give them support rather than just brow-beat them for their mistakes.
Not at all. OpenSSL was suffering from a lack of effort/funding and a desire not to 'break' anything. Systemd has plenty of effort and breaks everything, but a lack of philosophy, a lack of introspection. It's ignoring plenty of hard lessons about security practice and being very Microsoft-y. Massive technical debt which we will collectively pay for for a decade or more.
From my experience - not that much care. I've found a different (remote) DoS issue in systemd-resolved a few months ago. It was a really obvious parsing issue. Also no CVE or announcement.