On 2025-Jun-18, Bruce Momjian wrote:
> This blog post explains the serious problems the single libxml2 author
> is having in maintaining the library:
>
> https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports
>
> There are few learnings from this:
>
> * libxml2 is even less production-ready than we thought
> * many projects don't have the resources we do
Maybe some of the companies doing business with Postgres can chime in to
let Nick Wellnhofer (the aforementioned maintainer) spend more time on
libxml2 maintenance:
https://opencollective.com/libxml2
Currently, looking at the OpenCollective reports, it seems USD 50 come
monthly from Airbnb to libxml2's Wellnhofer. That's unlikely to pay
very many bills.
--
Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/
"Once again, thank you and all of the developers for your hard work on
PostgreSQL. This is by far the most pleasant management experience of
any database I've worked on." (Dan Harris)
http://archives.postgresql.org/pgsql-performance/2006-04/msg00247.php
