Kind of, in this case its a vulnerability in a portion of code that you need to compile with special flags to even include in the library (ie its not in the default build, you need to rebuild it and opt-in) so its super low impact and just ends up giving the maintainers excessive paperwork.

Security vulnerabilities are different, especially when they also put a 90 day disclosure period in it which is more severe for a security exploit.

That disclosure bit, not in the article, is really what tipped this all over the edge. If it was just hey, here’s a bug then its really just flooding the backlog for the maintainers who need to triage that. Disclosures are often used so people are aware that they’re using libraries that the maintainer has refused to patch, but in this case its really just holding the maintainers hostage so they end up wasting their time going through irrelevant issues.

Also, many of these libraries get security audits to make sure they are actually triaging and working through their backlogs, so could lose actual funding they get.

Ideally, they would either use their supposedly capable and powerful AI code gen to just make a fix and send over a patch, or at least use LLMs on their own end to triage the issues and only send over the most sever X periodically.

Because its the only one that supports rendering the opening cutscene from a decades old lucas arts game.

It’s easier said than done. A few key pieces took decades to figure out and even now many can only be produced by one or two companies, like ASML.