by ajross 232 days ago
> Is that not a problem with how people are using CVEs, scoring them and attaching value to them

Well, yes, it is. But if that's the way the market is going to game the scoring/value system it's (mis)using, then it behooves a project that wants to be successful to play the same game and push back when the scoring unfairly penalizes it.

Basically dnsmasq doesn't really have much of a choice here. Someone found a config parser bug and tried to make a big deal out of it, so someone else (which has to be dnsmasq or a defender) needs to explain why it's not a big deal.


Why?

What negative thing happens to the dnsmasq project if they just don’t argue about whether or not it’s a big deal?

Some product decides not to use it. Someone loses a contract supporting it. Someone doesn't get a job because their work isn't favored anymore.

I think you're trying to invoke a frame where, because dnsmasq is "open source", it isn't subject to market forces or doesn't define value in a market-sensitive way. And... it is, and it does.

Free software hippies may be communists at heart but they still need to win on a capitalist battlefield.