The bogus CVE problem

Posted Sep 15, 2023 11:42 UTC (Fri) by wtarreau (subscriber, #51152)
In reply to: The bogus CVE problem by florianfainelli
Parent article: The bogus CVE problem

> this will no doubt create an immense amount of work for projects, distributors, and so on, almost as if it was a jobs program.

... or this garbage will convince many of us that too much is too much and it's time to switch jobs, maybe become a european deputee of some other such dummy jobs where you can vote for random rules that morons will blindly apply. I mean, there's no reason we should be their slaves, we're still free to stop maintaining projects that take too much time under such stupid rules, and let the internet fall apart as well.

The bogus CVE problem

Posted Sep 15, 2023 13:17 UTC (Fri) by pizza (subscriber, #46) [Link]

> ... or this garbage will convince many of us that too much is too much and it's time to switch jobs,

This is the most likely outcome.

> we're still free to stop maintaining projects that take too much time under such stupid rules, and let the internet fall apart as well.

Ah yes, but if you stop maintaining it, you're engaging in willful gross negligence and will be on the hook for $very_massive liabilities. And that's where things are heading.

Damned if you do, damned if you don't.