libxml2 video about its abandonment - Mailing list pgsql-hackers

From Bruce Momjian
Subject libxml2 video about its abandonment
Date
Msg-id aUK8aBluNzMZTatU@momjian.us
Responses Re: libxml2 video about its abandonment
List pgsql-hackers
Here is a video about the current status of libxml2's abandonment:

    https://www.youtube.com/watch?v=GDr4fKXmUvc

The current libxml2 security text is below -- I think this is a positive
development.  It was rewritten on December 10 to create "a more positive
Security section":

        This patch changes the security section in the README.md file to
        give more information.

        This removes the "unmaintained" text, as this project is
        maintained again. It also makes it clear that this is a
        community project, so anyone will know what to expect, and it
        also makes explicit that developers are volunteers and will work
        on the issues that they want, as a try to avoid pressure from
        bug reporters.

        The message tries to be positive, promoting collaboration instead
        of conflict. The idea is to make it clear that collaboration is
        welcome and the way to go is to do it yourself instead of asking
        the maintainers to do it for you.

Here is the current Security section text:

    https://gitlab.gnome.org/GNOME/libxml2
    
    Security
    
        This is open-source software written by hobbyists and maintained
        by volunteers.

        It's NOT recommended to use this software to process untrusted
        data.  There is a lot of ways that a malicious crafted xml could
        exploit a hidden vulnerability in the software.

        The software is provided "as is", without warranty of any kind,
        express or implied. Use this software at your own risk.

        To report security bugs, you can create a confidential issue
        with the "security" label. We will review and work on it as a
        best effort. But remember that this is a community project,
        maintained by volunteer developers, so if you are concern about
        any important security bug that's critical for you, feel free to
        collaborate and provide a patch.

        The main rule is to be kind. Do not pressure developers to fix
        a CVE or to work on a functionality that you need, because
        that won't work. This is a community project, developers will
        work in the issues that they consider interesting and when
        they want. All contributions are welcome, so if something is
        important for you, you can always get involved, implement it
        yourself and be part of the open source community.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.