The context is right there, on the gitlab page. They don’t want to merge it because it would mean they have to do actual work and spend time testing it, which instead they’d prefer their customers to complain to them about the vulnerability first before doing any of that. Not my words, but theirs.
Everyone is on the “hate Red Hat” train right now, and this might just be bad communication or not fully in context, or both.
The context is right there, on the gitlab page. They don’t want to merge it because it would mean they have to do actual work and spend time testing it, which instead they’d prefer their customers to complain to them about the vulnerability first before doing any of that. Not my words, but theirs.
Waiting for a security breach to fix something, sounds crazy