Geheimorganisation<p>wie ein großer lyriker unser zeit, haftbefehl, schon sang: "CVEs fallen wie blätter im herbst, es ist … hass … schmerz" <a href="https://chaos.social/tags/matrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>matrix</span></a> <a href="https://chaos.social/tags/chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chromium</span></a> <a href="https://chaos.social/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a> <a href="https://chaos.social/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a></p>
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
211active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#libxml2
0 posts · 0 participants · 0 posts today
JdeBP<p><span class="h-card" translate="no"><a href="https://mastodon.world/@davidnjoku" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>davidnjoku</span></a></span> <span class="h-card" translate="no"><a href="https://social.ridetrans.it/@Andres4NY" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Andres4NY</span></a></span> </p><p>It isn't. Because of recent events with <a href="https://mastodonapp.uk/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a>, the discussion has arisen once again, in the open source world, of how much businesses who rely upon projects that are both gratis and libre are freeloading off volunteers, and dressing doing so up in security theatre. Security theatre that holds within it a threat against the livelihoods of those volunteers.</p><p>And in addition to that there are the businesses whose own livelihoods are built around desperately finding as many things to classify as security problems as they can, to gain a reputation as a problem finder, without lifting a finger to fix any of them in any way. Because no-one is apparently checking their reputations as problem fixers.</p><p>* <a href="https://lwn.net/SubscriberLink/1025971/73f269ad3695186d/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lwn.net/SubscriberLink/1025971</span><span class="invisible">/73f269ad3695186d/</span></a></p><p><a href="https://mastodonapp.uk/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodonapp.uk/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a></p>
Philipp :geeko: :natenom:<p>The lone volunteer maintainer of <a href="https://digitalcourage.social/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a>, one of the open source ecosystem’s most widely used XML parsing libraries, with an excellent rant about how Apple, Google, Microsoft and their BigTech Bros exploit <a href="https://digitalcourage.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> software and the volunteers behind it:</p><p><a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/913#note_2439345" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.gnome.org/GNOME/libxml2</span><span class="invisible">/-/issues/913#note_2439345</span></a></p>
Eve Ventually<p><a href="https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports" rel="nofollow noopener" target="_blank">libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden</a></p><blockquote><p>The lone volunteer maintainer of libxml2, one of the open source ecosystem’s most widely used XML parsing libraries, has <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/913" rel="nofollow noopener" target="_blank">announced</a> a policy shift that drops support for embargoed security vulnerability reports.</p></blockquote><p>I've taken heat in other venues for talking about this kind of thing when there's been an overreaction to a <strong>near miss</strong> <em>caused</em> by overreliance on a project that isn't getting support from the organizations that rely on it.</p><p>There's not one here yet. Maybe big tech can pay attention this time?</p><p><a href="https://toot.cat/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a></p>
Nico Rikken<p>I tried validating <a href="https://mastodon.nl/tags/Docbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docbook</span></a> v5 using <a href="https://mastodon.nl/tags/xmllint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xmllint</span></a> from <a href="https://mastodon.nl/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a> via <a href="https://mastodon.nl/tags/RelaxNG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RelaxNG</span></a> and <a href="https://mastodon.nl/tags/Schematron" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Schematron</span></a> but wasn't successful. The RNG validation threw unexpected errors and the Schematron validation threw an internal error. It could be my source file, but it seems fine. Does somebody here have a working setup or tips to share?</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload