Informatik Student, lerne 日本語, Strategiespiele

Migrated to PlexSheep@infosec.pub due to feddit.de having various errors for a longer period now.

  • 1 Post
  • 114 Comments
Joined 2 years ago
cake
Cake day: June 12th, 2023

help-circle









  • Company: Here is a security vulnerability in your OSS project, please fix our production is vulnerable.

    Random Guy working on OSS library in his free time: Sure, I have some time next month.

    Random Guy works full-time, has a family and friends. Random Guy is not your supplier and has no obligations and warranties WHAT SO EVER, even implied. That’s what the license of his project says.

    If Company wants it fixed, they better allow him to work full time on it, or pay part time work. Or they pay someone else to maintain Project and send the changes to Project so Random Guy can take a little look and merge if he feels like it. Random Guy won’t just merge company code and be done with it, more code in a codebase needs to be maintained now after all.

    This also works with features of course. The time of Random Guy is valuable and if Company wants Random Guy to work on something they use, they’d better pay good money for that time.