The libxml2 maintainer announced a policy to treat security issues like normal bugs, making reports public immediately and fixing them when time permits rather than honoring secrecy or embargo deadlines.
This change stems from the unsustainable volunteer burden of handling security embargoes without funding or support from major corporate users.
The maintainer criticizes big tech companies for relying on libxml2 in their products but not contributing fixes, funding, or maintenance support.
Community members propose adopting explicit MAINTENANCE-TERMS.md files to clarify that access to code does not guarantee response times, giving maintainers permission to decline or delay work.
The discussion highlights broader concerns about sustainability, funding, and corporate responsibility in open-source maintenance.