> Did you have other plans for the weekend? Or a long-term project you’re prioritizing? That’s nice, you have a new plan — fix every vulnerability that comes in NOW.
Or, you know, provide the security companies and businesses using your software for free with all the fix timelines and out-of-hours support they’ve paid for (none).
Yeah ... this gets into the question of what exactly an OSS creator's responsibility is towards users that don't pay them.
In theory, nothing.
In practice, it's in our long-term interest that bad things don't happen to them.
How sustainable all of this is, I have my doubts?