In fairness, the "public good" nature of an Open Source security library does create an incentive problem that's well known in the literature, and is probably related in some way to the failure here.
You might have seen the story about how it gets $2000 in donations a year, which is supposed to be enough to marshal the expertise to prevent this kind of thing.
https://news.ycombinator.com/item?id=7575210