Re: libxml2 video about its abandonment - Mailing list pgsql-hackers

From Iván Chavero
Subject Re: libxml2 video about its abandonment
Msg-id e5b6ddfd-e7a6-4329-b708-2089e947f36b@chavero.com.mx
In response to libxml2 video about its abandonment  (Bruce Momjian <bruce@momjian.us>)
Responses Re: libxml2 video about its abandonment
List pgsql-hackers
Hello,


As of December 9th libxml2 has two maintainers:

Daniel Garcia Moreno and Iván Chavero (me), we're trying to
steer the project in a more positive direction.


Contributions are welcome!


Cheers,

Iván


On 17/12/25 8:21 a.m., Bruce Momjian wrote:
> Here is a video about the current status of libxml2's abandonment
> status:
>
>     https://www.youtube.com/watch?v=GDr4fKXmUvc
>
> The current libxml2 security text is below -- I think this is a positive
> development.  It was rewritten on December 10 to create "a more positive
> Security section":
>
>          This patch changes the security section in the README.md file to
>          give more information.
>
>          This removes the "unmaintained" text, as this project is
>          maintained again. It also makes it clear that this is a
>          community project, so anyone will know what to expect, and it
>          also makes explicit that developers are volunteers and will work
>          on the issues that they want, as a try to avoid pressure from
>          bug reporters.
>
>          The message tries to be positive, promoting collaboration instead
>          of conflict. The idea is to make it clear that collaboration is
>          welcome and the way to go is to do it yourself instead of asking
>          the maintainers to do it for you.
>
> Here is the current Security section text:
>
>     https://gitlab.gnome.org/GNOME/libxml2
>     
>     Security
>     
>          This is open-source software written by hobbyists and maintained
>          by volunteers.
>
>          It's NOT recommended to use this software to process untrusted
>          data.  There are a lot of ways that a maliciously crafted XML could
>          exploit a hidden vulnerability in the software.
>
>          The software is provided "as is", without warranty of any kind,
>          express or implied. Use this software at your own risk.
>
>          To report security bugs, you can create a confidential issue
>          with the "security" label. We will review and work on it as a
>          best effort. But remember that this is a community project,
>          maintained by volunteer developers, so if you are concerned about
>          any important security bug that's critical for you, feel free to
>          collaborate and provide a patch.
>
>          The main rule is to be kind. Do not pressure developers to fix
>          a CVE or to work on a functionality that you need, because
>          that won't work. This is a community project, developers will
>          work in the issues that they consider interesting and when
>          they want. All contributions are welcome, so if something is
>          important for you, you can always get involved, implement it
>          yourself and be part of the open source community.
>


