| ▲ | veltas 11 hours ago |
| > if there is such a bug, I'm sure someone will figure out how to get in touch with Daniel and co No, that is the point, they are not going to accept your vuln report. They are taking a holiday. |
|
| ▲ | Sharlin 11 hours ago | parent | next [-] |
| Except if you pay them for a support contract. So there is a way, and it's actually a pretty obvious way. |
| |
| ▲ | chaz6 8 hours ago | parent [-] | | I wonder if the likes of Red Hat, SuSE and Canonical have a support contract as they are commercial redistributors. | | |
| ▲ | inigyou 6 hours ago | parent [-] | | Probably not. Why pay someone who's willing to work for free? When he stops working for free, then you pay him. Open source is not exempt from economic principles. |
|
|
|
| ▲ | squigz 10 hours ago | parent | prev [-] |
| There's a pretty big difference between a random report submitted via email, and, say, a close friend of the maintainers letting them know a serious vuln was found and they should login. |
| |
| ▲ | akerl_ 7 hours ago | parent | next [-] | | Curl maintainers are clearly going to still be using computers to provide support for paid customers. But the message is pretty clear: if you’re not a paid customer, you are not getting patches or support from upstream during this month. Plan accordingly. | |
| ▲ | BadBadJellyBean 9 hours ago | parent | prev [-] | | Not if it's a real vacation. If it was me then there would be no way I'd log in. Maybe this will increase the sales of support contracts. |
|
