Comment by Timshel
20 hours ago
Especially since it appears there is a solution if you truly need a fix.
> Or you get a support contract and we get to read about it earlier.
> Especially since it appears there is a solution if you truly need a fix.
If you ever really need anything fixed in the open source world, there is always the option of doing it yourself.
Doing the fix yourself is almost always the easy part. Disclosing it and getting a patch shipped across the entire Internet is the hard part.
Why would you personally need the entire internet to receive a fix?
Yes - and realistically, if you're $BIGCO who's shipped a billion devices with some obscure curl vulnerability you just discovered, then the hard part is going to be rolling out a patch to all of them anyway, which is still a 'you' problem.
In 2026 there is a considerably cheaper/quicker solution, but that in no way invalidates OSS maintainers' right to enjoy a summer vacation without interruption.