by oefrha 2348 days ago
According to https://github.com/actix/actix-web, it appears that the author did accept the security concerns (when an actual use-after-free was found, but maybe not the previous, generic “unsafe oh noz” shitstorms), and wanted to explore some other way to fix the problem instead of accepting the patch as is.

Just because there’s a patch that fixes the issue doesn’t mean the maintainer has to merge that patch.


The maintainer still shouldn't dismiss a patch + test case with "it's boring".
Why not? The only reason I work on personal open source projects is because it's interesting to me. Otherwise, why would I bother?
He can reject the patch. But the tone is important as well. And it was that "it's boring" reply that triggered an angry response from a passerby about "you shouldn't write libraries" (or something in that vein).
He didn't. From what I can tell from reconstructed logs posted elsewhere here, he rejected a proof-of-concept the poster suggested someone else continue with.