Re: libxml2 author overwhelmed with security requests

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Álvaro Herrera <alvherre(at)kurilemu(dot)de>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: libxml2 author overwhelmed with security requests
Date: 2025-06-19 15:21:20
Message-ID: CAFj8pRC81esT_nX+6VYjqqdpLPAfxBrkSKZQEmNnwuTG7jh8ng@mail.gmail.com
Lists: pgsql-hackers

On Thu, 19 Jun 2025 at 11:00, Álvaro Herrera <alvherre(at)kurilemu(dot)de>
wrote:

> On 2025-Jun-18, Bruce Momjian wrote:
>
> > This blog post explains the serious problems the single libxml2 author
> > is having in maintaining the library:
> >
> > https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports
> >
> > There are few learnings from this:
> >
> > * libxml2 is even less production-ready than we thought
> > * many projects don't have the resources we do
>
> Maybe some of the companies doing business with Postgres can chime in to
> let Nick Wellnhofer (the aforementioned maintainer) spend more time on
> libxml2 maintenance:
> https://opencollective.com/libxml2
>
> Currently, looking at the OpenCollective reports, it seems USD 50 come
> monthly from Airbnb to libxml2's Wellnhofer. That's unlikely to pay
> very many bills.
>

plus - there is not any free alternative for C

Regards

Pavel

>
> --
> Álvaro Herrera 48°01'N 7°57'E —
> https://www.EnterpriseDB.com/
> "Once again, thank you and all of the developers for your hard work on
> PostgreSQL. This is by far the most pleasant management experience of
> any database I've worked on." (Dan Harris)
> http://archives.postgresql.org/pgsql-performance/2006-04/msg00247.php
>
>
>
