Re: libxml2 author overwhelmed with security requests

On 2025-Jun-18, Bruce Momjian wrote:

> This blog post explains the serious problems the single libxml2 author
> is having in maintaining the library:
> 
>     https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports
> 
> There are few learnings from this:
> 
> *  libxml2 is even less production-ready than we thought
> *  many projects don't have the resources we do

Maybe some of the companies doing business with Postgres can chime in to
let Nick Wellnhofer (the aforementioned maintainer) spend more time on
libxml2 maintenance:
  https://opencollective.com/libxml2

Currently, looking at the OpenCollective reports, it seems USD 50 come
monthly from Airbnb to libxml2's Wellnhofer.  That's unlikely to pay
very many bills.

-- 
Álvaro Herrera               48°01'N 7°57'E  —  https://www.EnterpriseDB.com/
"Once again, thank you and all of the developers for your hard work on
PostgreSQL.  This is by far the most pleasant management experience of
any database I've worked on."                             (Dan Harris)
http://archives.postgresql.org/pgsql-performance/2006-04/msg00247.php