Looks like the same poorly implemented Android CT library that broke a lot of apps a couple years ago... did it again 🤦♂️
https://github.com/appmattus/certificatetransparency/issues/143#issuecomment-2993688741
@filippo I don't like that you explicitly state "poorly implemented". Yes, maybe, but no reason to shit on the developer when they are unpaid and not the actual issue here. That's insensitive and uncalled for.
@julijane it’s not so black and white. If you are an unpaid maintainer you have no obligation to put in extra work, for sure. But if you do take down the banking system of a country once (still not your fault!) and people tell you your library is broken… I think you start having a responsibility to either deprecate it, fix it, or at least warn users. We live in a society.
Maybe, as a bank, you should not be using a random library taken from the internet, with a single maintainer and some 100 stars, and make it a critical dependency of your banking operations.
Maybe, as a bank, your IT should write and maintain such a library and open source it.
Maybe, as a bank, you should not continue to use the first library, and do the second thing after the first library was able to take down critical parts of your infra the first time.
Because we live in a society, and as a bank, you should be contributing to it, too.
But then, what do I know.
@isotopp @filippo @julijane I mean, banks finance stuff. They could simply finance at least some #FOSS projects, donate money. I mean, we don't need billions of dollars for open source libraries (maybe billions of dollars for everything #FOSS, but we are here dealing with some infrastructure and some apps), so most banks should be able to do that.
