If I had an open source program that is being used by fuckers like Google, who can afford to pay but don’t, and then come in and demand shit. I’d just ignore them and pretend they don’t exist and continue with my life. Let them bark until they’re blue in the face. But first I’d put this as the first line in the README.md “if you’re a big corporation and need help, come with money. Otherwise, please don’t bother me”.
Not only that they have the money, but Google is actively working to lock down their streaming platform (YouTube) against third-parties and they have basically yanked the rug for their OS platform, while adding requirements for developers to sideload.
Their entire direction is antagonistic and in opposition to the core concepts of FOSS
The problem is that some small but non-zero fraction of these bugs may be exploitable security flaws with the software, and these bug reports are on the open internet. So if they just ignore them all, they risk overlooking a genuine vulnerability that a bad actor can then more easily find and use. Then the FOSS project gets the blame, because the bug report was there, they should have fixed it!
If I had an open source program that is being used by fuckers like Google, who can afford to pay but don’t, and then come in and demand shit. I’d just ignore them and pretend they don’t exist and continue with my life. Let them bark until they’re blue in the face. But first I’d put this as the first line in the README.md “if you’re a big corporation and need help, come with money. Otherwise, please don’t bother me”.
Not only that they have the money, but Google is actively working to lock down their streaming platform (YouTube) against third-parties and they have basically yanked the rug for their OS platform, while adding requirements for developers to sideload.
Their entire direction is antagonistic and in opposition to the core concepts of FOSS
The problem is that some small but non-zero fraction of these bugs may be exploitable security flaws with the software, and these bug reports are on the open internet. So if they just ignore them all, they risk overlooking a genuine vulnerability that a bad actor can then more easily find and use. Then the FOSS project gets the blame, because the bug report was there, they should have fixed it!
The main issue there is that project zero, where if you ignore what Google has reported, they will just go ahead and disclose the issue.