Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Is this an oblique reference to OSS Fuzz, or something else?

It seems weird to blame Google here, given that they didn’t manufacture the bugs: the bugs were already there, and they just found them. This is arguably the best thing for all parties: open source maintainers are still under no obligation to fix things, but downstreams can properly inform themselves about the risks they inherit by using any given project.

The alternative is a “don’t ask, don’t tell” system, which people generally agree doesn’t work well in other aspects of life.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: