Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

They are contributing back, which is a good thing. Other companies just fork, fix, and forbid to contribute back.


Burning out maintainers isn't "contributing back".


Do you have any examples of Google submitting vulnerabilities and refusing to assist maintainers create a patch when asked to do so?


Wasn’t that a story with ffmpeg a few months ago? And people were getting roasted for even the suggestion that google should contribute patches?


People were getting rightly roasted for calling google a leech when A) google does donate money to ffmpeg and B) that bug was in a weird format google almost certainly has disabled so they're not reporting it to get free labor.


From the horses mouth: "Michael Niedermayer, a leading FFmpeg developer, tweeted, “I am the main developer fixing security issues in FFmpeg. I have fixed over 2700 Google OSS fuzz issues. I have fixed most of the BIGSLEEP issues. And i disagree with the comments FFmpeg (Kieran) has made about Google. From all companies, Google has been the most helpful & nice.” https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-send...

Sounds like Google has been very helpful and nice.



Maybe you posted the wrong link- I don't see anything at all about Google making a report or being asked to do anything and declining?



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: