i just think it’s strange it’s been a month since log4shell and the FSF has not said a single word about it
i would love to hear their thoughts about what small, underfunded teams of people working on open source should do when the entire internet is breathing down their neck to fix a vulnerability and if its wise to continue proselytizing a world view that can’t put food in the mouths of people who love writing software
Personally I think the very idea of something being Free and Open addresses the issue pretty well. Yes it would be nice to give the devs more money. But very idea of free kind of puts money on the back burner. MS doesn't support Windows 7 anymore and there are way more versions of that laying around the Internet than Log4j and they aren't taking crap.