> The security team is composed of unpaid volunteers who work on numerous time-sensitive projects simultaneously. You may not be aware, but since a group of maintainers and contributors left earlier this year to form their own fork called "Lix," there have been many vacant positions across several Nix teams.
> The security team is composed of unpaid volunteers who work on numerous time-sensitive projects simultaneously. You may not be aware, but since a group of maintainers and contributors left earlier this year to form their own fork called "Lix," there have been many vacant positions across several Nix teams
Normally I'm sympathetic to claims about people being entitled to work from open source projects, but in this instance, I don't think this is the case. If this were a request for a feature or a bug without significant security impact, expecting any sort of timeline at all would be unreasonable, but I don't see how not having enough people to work on a project would imply that users should be left vulnerable for longer. In my opinion, it's much more "entitled" to demand that a known security bug in your own code base be hidden from your users because you would prefer to keep working on whatever you're currently doing.
> The security team is composed of unpaid volunteers who work on numerous time-sensitive projects simultaneously. You may not be aware, but since a group of maintainers and contributors left earlier this year to form their own fork called "Lix," there have been many vacant positions across several Nix teams
Normally I'm sympathetic to claims about people being entitled to work from open source projects, but in this instance, I don't think this is the case. If this were a request for a feature or a bug without significant security impact, expecting any sort of timeline at all would be unreasonable, but I don't see how not having enough people to work on a project would imply that users should be left vulnerable for longer. In my opinion, it's much more "entitled" to demand that a known security bug in your own code base be hidden from your users because you would prefer to keep working on whatever you're currently doing.