
Comment Re:Isn't this the idea? (Score 2) 104

Eventually whoever has most to lose is bound to step up and help.

That, or your project gets sidelined. Which is where the danger lies.

I work for a big multinational software company that uses a lot of Open Source Software. We have a security office that audits all of our products several times a year. If any piece of our stack shows any open CVEs we have a fixed amount of time to fix the issue, with the amount of time varying from a few days (for CRITICAL severity issues) to roughly half a year for the lowest severity issues. A lack of a fix for a published CVE isn’t an excuse for not fixing the issue on our end — the software still has a security flaw in it, and the organization is so incredibly security averse (thanks in part to having contacts in the defence industry) that they don’t want to risk expensive lawsuits and the loss of reputation if a vulnerability is exploited.

A lot of bigger organizations now work this way. We’ve all seen what has happened to organizations that have had significant security breaches, and it’s not pretty. Our customers are big corporations and government entities — and if they even sniff a risk there are going to be problems. So if there is an unpatched exploit, we’re expected to either switch to something comparable, or DIY a solution (either replacing the library in question, or potentially patching it ourselves).

If ffmpeg allows known and published vulnerabilities to languish, the risk here is that organizations that use their code will simply stop using it and will look for other solutions. That’s a tough pill for an Open Source Software developer to swallow, especially when they make it as big and important as ffmpeg. You might wind up in a situation where an entity like Google forks your code and takes ownership, and eventually gets everyone to migrate to using their version instead (like what they did with WebKit to Chrome), leaving you sidelined. Or maybe someone else jumps in with a compatible solution that works well enough for enough users that they switch to that instead.

Now in an ideal world, the Googles of this world would not only submit a CVE but would also submit a patch. Having been an OSS developer myself, I’ve always encouraged my staff, if they find a bug in a piece of software we use, to file a bug report and ideally a patch if they know how to patch the issue correctly — but I know that is hardly universal within our organization, and probably even less so elsewhere.

TL;DR: a lot of OSS success relies on having lots of users, or at least some big and important users. But you risk losing those if you leave CVEs open for too long, as company policies may require scrapping software with unfixed CVEs. That loss of users and reputation is dangerous for an OSS project — it’s how projects get supplanted, either by a fork or by a new (and similar) project.

Yaz

Comment Re:Labor is your most important resource (Score 1) 92

Most Americans at this point will piss themselves and run away from dangerous thoughts like these.

This surprises you? The only way to 'force' values like that is to give government more power than it should ever have. We have seen throughout history what governments do when they can do anything, and it is not pretty.

I do not have a recommended solution, but I am glad that you brought the subject up.

Comment Re:It didn't fail music (Score 1) 92

Anti-trust doesn't work very well when a few pools of money own everything. Anti-pooling needs to become a thing, but that potentially breaks the freedom of association that we have all come to love and adore. It is messy; but, no matter the economic system proposed, this pooling of resources can break all/any version of any proposed economic system.

Comment Re:Sure, do this instead of better tech (Score 1) 67

They've been averaging over 1000 commits per week to their code base for the entire year now.

And I have noticed no benefit. WTF are they actually committing? More antisocial shit? More rearranging of the UI? More user hostile stuff? It may just be time to leave the fucking Internet forever. Everyone and everything just fucking sucks.

Comment Re:Bullshit (Score 1) 235

Democrats are fighting for people to have health care and food.

Hey great. Wonderful news. Yes, I will admit that the Democrats are a MUCH better deal than the Republicans.... but

Your measurements are relative. I do consider the relative, but first and most important, I check the absolute. The absolute contains Democrats fully owned by wealthy people who vote for laws that further enslave the mind and body of humans.

Is it better to vote for a Democrat than a Republican? You betcha. Is it okay to vote for a Democrat because they are a Democrat? Absolutely not.

I will vote for absolutely zero people with an R next to their name. Unfortunately, I will be voting for absolutely zero people with a D next to their name either. I would vote for a few people with a D next to their name, but they are not eligible to receive my vote. I would love to vote for AOC or Jasmine Crockett. Are either really capable of running a competent government? Doubtful, but their voices are better than the rest of the Democrats... and FAR FAR superior to anything the Republicans have said. They have gone full genocidal maniac at this point. WTF is up with Trump begging the Supreme Court to not force his administration to make SNAP payments? Jesus fucking Christ on a pogo stick. The Supreme Court agreed in less than 24 hours. I am personally not affected yet, but I see a LOT of death in the near future as people start getting desperate.

Comment Re:How stupid are Mozilla? (Score 1) 55

Think about it for a minute: They are forgoing FREE work by humans, to PAY a machine to do it. Something doesn't add up here. Why are they willing to throw money away to make an inferior product?

Most importantly, why would anyone volunteer to help Mozilla ever again?

Truly psychopathic and sociopathic at the same time. Money has fucked up Mozilla.

Comment Re:That dog won't bring home Huntsman's Rewards (t (Score 1) 155

Yes, it's a double-edged sword. By excluding rewards cards they will reduce their expenses, and at the same time exclude individuals with high credit scores. Businesses will need to think carefully about what is best for them. However, I fear most will do the simplest thing, and cut costs.

Most likely businesses that want to be viewed as upscale will continue to accept those cards. Businesses that want to be low cost (Aldi is the most extreme case, as they don't accept cards currently) will not.

Comment Re:5 is not that much (Score 1) 78

In fact, it's a low enough number that the failing of one AI giant can make stocks and shares of other companies take a quick tumble, too. Market panic.

Who cares? The people that invested unwisely get wiped out and the people who didn't carry on as if nothing ever happened. Gambling is the gambler's problem, not mine.

Comment Re:The biggest mistake (Score 1) 92

we let manufacturing happen in countries that are our direct rivals, instead of friendly countries. All because we wanted cheap stuff. I don't care about cheap goods anymore, we throw too much away.

I am continuously flummoxed by people like you thinking that you or your opinion matters. The only thing that matters as far as people in your position are concerned are what the masses do as a whole. As a whole, the masses prefer cheap shit regardless of external costs because the masses are unable to put 2 and 2 together to get 4.

YOU DON'T MATTER. The only thing that matters is what can be manipulated. None of our leaders are leading. They are taking. From you. So I guess you matter a little bit.

Comment Re:Like Trump said (Score 1) 235

Republicans have guaranteed that nobody wants to vote for them ever again. Look at the most recent elections: Democrats swept almost every single race with historic levels of votes.

I am certain the Republicans will die as a party in the next few years; however, that just means that the top Democrats will be just as fully corrupt as the Republicans are now. Where do you think all of that 'campaign' money will go and with what strings attached?

Deeper change is needed.

Comment Re:are we winning yet? (Score 1) 235

need to see that Democrats are willing to stand up and fight rather than just rolling over for every nasty thing the Republicans are doing.

Sure, as long as you are willing to ignore all the terrible things the Democrats have supported or championed over the years. They are bought and paid for at the top.
