by af3d 590 days ago
Kind of sad to see that the library "custodian", as it were, is seemingly uninterested in fixing the software in question. This may not affect most commercial scanners, but the fact that it is even out there in the wild is a bit disconcerting to say the least. Just another "brick in the wall" insofar as supply-chain (in)security goes....

This is extremely common. Otherwise licenses wouldn't include clauses like

> 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

They're not required to fix anything, and by including that disclaimer they imply that they won't necessarily even intend to fix anything. They disclaim liability, and you, the user, "ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION".

Proprietary software pretty much always has similar clauses too. It's not an issue with open-source, it's an issue with software in general.

There could be any number of reasons for that apart from negligence. AFAIK it's a single person, so "bus factor" comes to mind.

Fork and steal users, and pull their new changes until the totality of patching new pulls into the new project becomes too arduous, then let the original project and author float into the sunset as you are the new big kid on the block and have the bully pulpit!