So. The author of that post concerning libxml2 is totally right. This must stop. Corporations do nothing but moan about vulnerabilities. Or pay bounties for finding bugs, rather than for fixing them. It’s madness!

I am fully with the author of that issue. For the fun of it, I just did a dnf repoquery --whatrequires libxml2 on my Fedora system and wasn’t really that surprised by how many packages depend on libxml2. Some highlights include postgres, PHP, Apache modules… if I were responsible for my company’s IT infrastructure, and if I didn’t start to be concerned now, then I should probably become a gardener. Remember the OpenSSH funding trouble ~10 yrs ago? Same again. 🦗🎵