No, it’s still open source work, completely voluntary in the free world.
Disclosures are often used so people are aware that they’re using libraries that the maintainer has refused to patch
No, they merely tell reality: an unresolved security issue was found.
How anyone handles that is their business.
There is no inherent duty.
People who would rather write a fix than write & maintain their own daunting library will send a fix.
could lose actual funding they get
If someone’s getting paid, and it’s not worth the work, then that is also their business.
It’s still open source.
If the solution saves more effort than doing it yourself, then the people who need it won’t just let it all go to waste.
This is entirely a social issue of managing & rebuffing unrealistic expectations.
It’s perfectly valid to set boundaries, remind folks beggars can’t be choosers, and tell them pitching in gets more done.
No, it’s still open source work, completely voluntary in the free world.
No, they merely tell reality: an unresolved security issue was found. How anyone handles that is their business. There is no inherent duty.
People who would rather write a fix than write & maintain their own daunting library will send a fix.
If someone’s getting paid, and it’s not worth the work, then that is also their business. It’s still open source. If the solution saves more effort than doing it yourself, then the people who need it won’t just let it all go to waste.
This is entirely a social issue of managing & rebuffing unrealistic expectations. It’s perfectly valid to set boundaries, remind folks beggars can’t be choosers, and tell them pitching in gets more done.