
grandinj | 6 months ago

That is a pity. Clearly we need some kind of Home For Abandoned Code :-)


jve|6 months ago

And can we have bounties for fixing known CVEs in that abandoned code?

Abandoned Code home should only allow security changes and if someone wants to revive the project, bump the major version and get out of abandoned code home. That is to prevent abuse by introducing new CVEs into software.

While the abandoned code home hosts that piece of software for as long as some corporation wants to keep it alive with low investment.

Found CVE in abandoned code and fixed yourself? Good for you, still eligible for bounty.

em-bee|6 months ago

there exist at least one or two of those. i can't think of the name unfortunately. i believe it has been discussed on hackernews too.

https://www.commonhaus.org/ seems to be something similar, but that's not what i was thinking of. the one i remember focused on projects that their maintainers wanted to give up right away.

arp242|6 months ago

If no one cares enough to do some basic maintenance then maybe it should die?