[phendrenad2]

> You might not want to leave Debian (which is fundamentally people) in the lurch over a security issue, but if a corporation shows up with a security issue, well, you tap the sign.

I think that many people have done this, and all of them were deposed and replaced with someone who would "play ball" (I.E., work for free). Go ahead, keep an eye on Libxml2, we'll either see this reversed, or we'll see libxml3 promoted from all angles and libxml2 decried as "deprecated".

Note that if that happens, it doesn't mean libxml2 is actually bad, it just means that it no longer fits the needs of the corporate overlords, and they need YOU to believe that it's no longer good so you won't waste their time with support requests.