Post AxEYFFft3kdsAalfv6 by drewdaniels@mastodon.online
(DIR) Post #AxEWAmvPo9OpwDm6nw by ricci@discuss.systems
2025-08-16T16:43:09Z
0 likes, 0 repeats
Today would be a good day to take a look at the FOSS software that you rely on (don't forget libraries!) and see if any of the projects take donations
(DIR) Post #AxEYFFft3kdsAalfv6 by drewdaniels@mastodon.online
2025-08-16T17:06:20Z
0 likes, 0 repeats
@ricci agreed
On XZ Utils vulnerability in 2024: “the very real and ongoing risks created by maintainer burnout, and the enormous benefits realized” https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem
On libxml2, June 2025 about the single maintainer: “highlighting the burden on unpaid volunteers who keep critical open source software secure” https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports
These are only recent reports. Heartbleed in OpenSSL highlighted this systematic problem leading to initiatives like https://en.m.wikipedia.org/wiki/Core_Infrastructure_Initiative