If you don’t want to read through all the comments, here’s the shortened version.
An Alma Linux dev submitted a patch for a security vulnerability that could crash a certain piece of software via a user sending it the right data. A RedHat dev responded by saying that they would hold off unless they saw “customer demand” for it to be merged. People got mad because it seemed as if RedHat was pushing it aside and prioritizing their customers over people that might need that fix. Long story short, contributing a fix is helpful but hardly all the work and because there is only so much time in the day they have to choose to prioritize some fixes over others. RedHat needs to merge, test, and assess the fix to make sure they aren’t screwing something else up. At the end of the ordeal RedHat said they would try to explain a little more to eliminate misunderstandings like this. We can only hope that the community stop overreacting on limited information.
If you don’t want to read through all the comments, here’s the shortened version. An Alma Linux dev submitted a patch for a security vulnerability that could crash a certain piece of software via a user sending it the right data. A RedHat dev responded by saying that they would hold off unless they saw “customer demand” for it to be merged. People got mad because it seemed as if RedHat was pushing it aside and prioritizing their customers over people that might need that fix. Long story short, contributing a fix is helpful but hardly all the work and because there is only so much time in the day they have to choose to prioritize some fixes over others. RedHat needs to merge, test, and assess the fix to make sure they aren’t screwing something else up. At the end of the ordeal RedHat said they would try to explain a little more to eliminate misunderstandings like this. We can only hope that the community stop overreacting on limited information.