"Just send patches" is I think the main point. Rather than just reporting security bugs, these big organisations ought to start seeing the point of open source being that they can and should be contributing if they value the project and need this fixed, because it's a pretty obscure problem generated by AI.
YouTube made $36.7 billion last year. Time they started pulling their weight.
Perhaps it'll be sooner than you expect: actually having proper fixes made by AI for the issues found with AI.
I think that is a little entitled. They should be happy Google isn't just straight up emailing full disclosure.
The person who makes the software has the duty to fix the security issues in their own code, nobody else, no matter how big they are.
I can't help but be reminded about the time that an MS employee put in a ticket on FFmpeg's bug tracker and said it was 'High priority'.[1][2]
On the one hand, this one Microsoft employee was probably in a bind and actually blocked by this bug. On some level, it's hard to blame them as an individual.
On the other hand, Microsoft has no leverage here and pays somewhere between a pittance and nothing for FFmpeg, while getting enormous use out of it. If they regularly donated with either money or patches, then there'd be no beef, but it's the expectation of getting something more for free while already getting so damn much for zero cents that really grinds both mine and FFmpeg's gears.
That reminds me that I should probably throw some money at FFmpeg, if only to clear my conscience.
[1] https://xcancel.com/FFmpeg/status/1775178805704888726
[2] https://news.ycombinator.com/item?id=39912916