Kind of, in this case its a vulnerability in a portion of code that you need to compile with special flags to even include in the library (ie its not in the default build, you need to rebuild it and opt-in) so its super low impact and just ends up giving the maintainers excessive paperwork.
Again, ignoring/postponing is an option.
At work, we’d just move that to the backlog of shit we may never touch: having it there is good for tracking the issue & gathering notes on our thoughts regarding it, which saves time approaching it like new each time it comes up.
It’s no different for open source maintainers.
Marking an item as won’t fix, deferred, or help wanted or closing redundant items isn’t much paperwork.
Again, the objective reality is the defect exists, and that reality doesn’t change with our awareness of that fact: it’s better to know & track for planning even if the plan is to do nothing.
Kind of, in this case its a vulnerability in a portion of code that you need to compile with special flags to even include in the library (ie its not in the default build, you need to rebuild it and opt-in) so its super low impact and just ends up giving the maintainers excessive paperwork.
Again, ignoring/postponing is an option. At work, we’d just move that to the backlog of shit we may never touch: having it there is good for tracking the issue & gathering notes on our thoughts regarding it, which saves time approaching it like new each time it comes up. It’s no different for open source maintainers. Marking an item as won’t fix, deferred, or help wanted or closing redundant items isn’t much paperwork.
Again, the objective reality is the defect exists, and that reality doesn’t change with our awareness of that fact: it’s better to know & track for planning even if the plan is to do nothing.