by jitbit
215 days ago
True - if we're talking about actual security bugs, not the "CVE slop".

P.S. I'm an open source maintainer myself, and I used to think, "oh, OSS developers should just stop whining and fix stuff." Fast forward a few years, and now I'm buried under false-positive "reports" and overwhelmed by non-coding work (deleting issue spam, triage, etc.).

P.P.S. What's worse, when your library is a security component the pressure’s even higher - one misplaced loc could break thousands of apps (we literally have a million downloads at nuget [1]).

[1]: https://www.nuget.org/packages/AspNetSaml