> For most OSS projects, the maintainers are either too overworked or just don't feel like fixing security issues.
Surely you can't be serious about "most" (= a clear majority) OSS projects not fixing vulnerabilities in a reasonable time frame?