Comment by coldtea
3 years ago
Or it's important, but nobody has the skills/time/familiarity/acceptance from upstream maintainers combo.
Compared to the FOSS origin myths, many huge projects, with tons of end users, including very foundational ones, like GTK+ and OpenSSL and such, are understaffed (or just 1-2 base maintainers heavily overworked, who do 99% of the work and can't take it anymore), and nobody cares or has the time to dive in and fix anything.
Other projects that might have some person interested to bugfix, have maintainers that don't like contributions outside a clique, and ignore bugfixes submitted for years or forever.
So, "any user can fix it" is sometimes just in principle, while actual users that can fix and do fix it are thin on the ground, and other times it's just an option for external patches, that will not be merged upstream.
When OpenSSL got and noticed to be critical, it was fixed, funded and also forked tons of times. So the open source model works here.
My gut feeling is that Protonmail Bridge is such an obscure project that no one really cares enough, and thus it cannot be “important” or “critical”.
Alternatively, users have an option to change to another system if they are unhappy. Protonmail has no monopoly. But complaining about open source maintenance is not going to change anything. Especially complaining on HackerNews is ungentlemanly.
The complaint is about a paid commercial product having a bug causing data loss going unfixed for over a year with still no fix in sight. That said product is also open-sourced is not really relevant.