by Guid_NewGuid
1041 days ago
Yeah, I've been following the thread but feeling a bit queasy because there's a real person on the end of all this vitriol. I think a lot of people's anger and waving the GDPR stuff around is excessive. It's understandably annoying, but at the end of the day this is just the implicit cost you pay for not having a commercial agreement in place. Maintainers can go rogue, make stupid decisions and disappear, and frankly your comeback is "fork it and do it yourself", not bombard the maintainer with invective and legal threats. I wouldn't use Moq (or other libraries by this maintainer) again in light of their current behavior, but the fork button is literally right there at the top of the page. If I want to use the code going forward I'd have to take ownership.

I think this also shows how nonsensical the default security posture is for a lot of places. Dependabot has atrophied organisations' security sense. You almost never want to upgrade and sit at the bleeding edge; that's asking for zero-days, supply chain attacks and bugs. "Number goes up" is not a sensible way of managing software. There's nothing wrong with a 2-year-old dependency running in your solution if there are no reported security issues.