Re: libxml2 video about its abandonment

From: Iván Chavero <ichavero(at)chavero(dot)com(dot)mx>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: libxml2 video about its abandonment
Date: 2025-12-17 16:12:48
Message-ID: e5b6ddfd-e7a6-4329-b708-2089e947f36b@chavero.com.mx
Lists: pgsql-hackers


Hello,

As of December 9th libxml2 has two maintainers:
Daniel Garcia Moreno and Iván Chavero (me), we're trying to
steer the project in a more positive direction.

Contributions are welcome!

Cheers,

Iván

On 17/12/25 8:21 a.m., Bruce Momjian wrote:
> Here is a video about the current status of libxml2's abandonment
> status:
>
> https://www.youtube.com/watch?v=GDr4fKXmUvc
>
> The current libxml2 security text is below -- I think this is a positive
> development. It was rewritten on December 10 to create "a more positive
> Security section":
>
> This patch changes the security section in the README.md file to
> give more information.
>
> This removes the "unmaintained" text, as this project is
> maintained again. It also makes it clear that this is a
> community project, so anyone will know what to expect, and it
> also makes explicit that developers are volunteers and will work
> on the issues that they want, as a try to avoid pressure from
> bug reporters.
>
> The message tries to be positive, promoting collaboration instead
> of conflict. The idea is to make it clear that collaboration is
> welcome and the way to go is to do it yourself instead of asking
> the maintainers to do it for you.
>
> Here is the current Security section text:
>
> https://gitlab.gnome.org/GNOME/libxml2
>
> Security
>
> This is open-source software written by hobbyists and maintained
> by volunteers.
>
> It's NOT recommended to use this software to process untrusted
> data. There are a lot of ways that a maliciously crafted XML could
> exploit a hidden vulnerability in the software.
>
> The software is provided "as is", without warranty of any kind,
> express or implied. Use this software at your own risk.
>
> To report security bugs, you can create a confidential issue
> with the "security" label. We will review and work on it as a
> best effort. But remember that this is a community project,
> maintained by volunteer developers, so if you are concerned about
> any important security bug that's critical for you, feel free to
> collaborate and provide a patch.
>
> The main rule is to be kind. Do not pressure developers to fix
> a CVE or to work on a functionality that you need, because
> that won't work. This is a community project, developers will
> work on the issues that they consider interesting and when
> they want. All contributions are welcome, so if something is
> important for you, you can always get involved, implement it
> yourself and be part of the open source community.
>
