this post was submitted on 13 Nov 2025
324 points (99.1% liked)

Technology

77164 readers
2744 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
324
FFmpeg to Google: Fund Us or Stop Sending Bugs (thenewstack.io)
submitted 2 weeks ago by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
33 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] nandeEbisu@lemmy.world 1 points 2 weeks ago (1 children)

An issue I've seen brought up in the open source community is that they have audits that look at the number of untriaged issues and time to resolve serious issues that their funding depends on.

I'm in software, but not open source, so it seems like they don't have someone aligned with their team who they can sit down and say "either we need more resources, cut scope for new features, or accept quality / security issues coming up" to, its kind of this weird game of politics they end up needing to play to get any kind of funding for full time maintainers.

That's the main reason they can't just ignore issues that come up in their backlog, especially security ones.

[โ€“] lmmarsano@lemmynsfw.com 1 points 2 weeks ago* (last edited 2 weeks ago)

their funding depends on

That's an unnecessary issue regarding someone's income, which some projects don't even have.

its kind of this weird game of politics they end up needing to play

They don't need to. It's a supply & demand issue: if a maintainer finds the terms unacceptable and goes "fuck you, pay us right, lower your expectations, or piss off" then what is the funder going to do? Let the software rot? They either want the software or they don't, and it's not going to be cheaper to develop that software in a non-open setting. They'll have to reconcile terms or find another maintainer who'll work for less in a market where their skills are highly valued.

Objective facts of reality are unrelated to the reasonability of business arrangements people work out to address those facts. This is a negotiation skills issue to address with the business partner, not with immutable, objective reality.

It's a free world: anyone is free to express truths about security defects at any time, and no one owes anyone anything on the timing of those disclosures.