|
|
|
|
|
|
by hifromwork
586 days ago
|
|
|
>You could add "I don't care about fixing security vulnerabilities" somewhere in the beginning of the readme I care about fixing security vulnerabilities in my OS projects, but I care more about my sanity, my family, getting enough money to survive, and a few other things. Unless you pay me I don't care about your problems with my free (as in a beer) software. And that's a good thing btw - I tried to ask for donations once, got the equivalent of a few cups of coffee per month, and... burned out almost immediately. I started to feel responsible for that project, staying up late to fix reported minor bugs, and it turns out watching Github issues 365 days a year for a few dollars monthly is not a great business strategy. |
|
|
They are going out of their way to advertise so that people use their security-critical software in security-critical applications, and then they neglect the security.
While they aren't under any legal obligation, it's (in my worldview at least) pretty damn unethical.
All they would have to do to not be unethical is make it clear that this software should not be used in any security-critical application because it is not properly/frequently maintained. Put that in a header on the website.