
If you fixed something in an open source library you use, and you don't push that upstream, you are bound to re-apply that patch with every library update you do. And today's compliance rules require you to essentially keep all libraries up to date all the time, or your CVE scanners will light up. So fixing this upstream in the original project has a measurable impact on your "time spent on compliance and updates KPI".


This touches on what I ended up telling them: maintaining a local patchset is expensive and fragile. Running customized versions of things is a self-inflicted compliance problem.

I still had to upstream anonymously, though.


That is a real benefit, I agree.
