I found it interesting how the maintainers reacted to these issues.
Would you mind if we set some of your priorities also? You're asking us to do free labor for you, that you're unwilling to do yourself. Do not put ultimatums and demands on people making FOSS, or I won't hesitate to block you from these repos.
Just another guy who thinks he’s Gods gift to open source because he found a bug, and thinks the volunteer developers fail to show proper gratitude by not dropping everything to work on your pet bug.
Interestingly, he was silent for 3 weeks after being assigned to the bug, then came back to post his blog post and nothing else. I've seen this blog post a few times today, looks like his self promoting strategy is working.
To be fair, this is a bug that could be the end of lemmy. As soon as one malicious actor sues even a few instance admins, other will get scared and shut down their instances. As the reporter points out, this isn’t just a shiny feature that’s missing. Instance admins lack the ability to follow data protection requirements that their users have a right to. It’s a lawsuit waiting to happen.
To be fair, this is a bug that could be the end of lemmy.
Then the reporter should have acted like it was, indeed, that important. Like, putting money or a PR into it.
Just "someone, sometime, somewhere, might sue" does not suffice to fix things. Just like with physical products in the real world, if someone, somewhere, sometime, might sue, then you designate money, time and staff into your project to pre-corect the things to minimize the chance of that happening, or to buy whatever auditing / maintenance needed to check for issues.
And, correctly enough, the devs are not saying "we won't fix this". They are saying, "fix this requires people to pour $X time and $y money into it. Care to chime in?"
Unfortunately, the world of free software users is full of "couch coaches".