top | item 47205618

(no title)

nwellnhof | 17 hours ago

About a day after I resigned as maintainer, SUSE stepped in and is now maintaining the project. As announced here [1], I'm currently trying a different funding model and started a GPL-licensed fork with many security and performance improvements [2].

It should also be noted that the remaining security issues in the core parser have to do with algorithmic complexity, not memory safety. Many other parts of libxml2 aren't security-critical at all.

[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/976

[2] https://codeberg.org/nwellnhof/libxml2-ee

discuss

wooptoo|4 hours ago

Hi Nick, first of all thank you for your work and dedication through the years.

Second, I found this entirely by accident just now: https://www.sovereign.tech/programs/fellowship

> For the duration of the fellowship, one “maintainer-in-residence” will be employed up to full-time (32-40 hours per week) as part of the Sovereign Tech Agency team. > This option offers the maintainer the personal and professional advantages of being part of team, as well as the stability of being employed to continue working on critical FOSS infrastructure. > This position is only available for maintainers located in Germany,