[Bug 287391] textproc/libxml2: security patches for 2.11.9

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 22 Jun 2025 18:49:52 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391

--- Comment #38 from Torsten Zuehlsdorff <tz@freebsd.org> ---
(In reply to Charlie Li from comment #37)

> And let this be another reminder about the no warranties bit on every open source licence, including our own.

As a member of the ports-secteam, I'd like to respond to this personally.

Yes, it's true that open source software comes with "no warranties". But there
are two important things to keep in mind:

First: project standards matter. FreeBSD has always had high standards and a
strong reputation for reliability. Of course, we can't fix every port, every
PR, or every security issue right away - but compared to many other projects,
we're doing very well. If we start lowering our own expectations, we risk
becoming just another platform with no real difference in quality. And I see a
lot of volunteers here working hard to keep that bar high.

Second: the world is getting more complicated. In Europe, for example, the
Cyber Resilience Act (CRA) from 2024 makes companies - and in some cases also
open source maintainers - legally responsible for security issues if the
software is used in commercial products. So if we back away from strong
security practices, FreeBSD becomes harder to use in those environments.

So yes, "no warranties" is true - but if we care about adoption and trust, it's
not the whole story.
