- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- The developer of the ‘node-ip’ project made the GitHub repository read-only after disputing the severity of a reported vulnerability (CVE-2023-42282).
- The vulnerability involved incorrect identification of private IP addresses in non-standard formats, but the developer argued it had a dubious security impact.
- The situation highlights ongoing issues with unverified CVE reports causing unnecessary panic and frustration for open-source project maintainers.
Then fork it and do that.
These projects are structured as hobbyist projects and get whatever time the maintainer can spare. I have projects like that, they’re useful, but I’m not gonna prioritize them over… anything else, come to think of it.
The fact so many people treat a hobbyist project with one maintainer as critical infrastructure is insane, but that’s on them. Everybody likes free software, nobody likes to help or pay the maintainer.