Post details
Jaana Dogan (@rakyll), Mon, 13 Dec 2021 16:26 GMT
A project with a footprint like Log4j is not possible to avoid as a transient dependency even if you don't directly import it. Log4j is a canonical logging utility for a huge ecosystem. Its current radius is beyond doing due diligence.

Post details
Daniel Stenberg (@bagder), Mon, 13 Dec 2021 15:05 GMT
The log4j case is not a showcase for bad OSS funding. It is a showcase for naive and cheap users not doing their due diligence, code review and testing before using components. Remember goto fail? Silly bugs are shipped even with the greatest funding.
This post was filed under likes.