LogJ4 Security Inquiry - Response Required https://daniel.haxx.se/blog/2022/01/24/logj4-security-inquiry-response-required/
On Friday January 21, 2022 I received this email. I tweeted about it and it took off like crazy. The email comes from a fortune-500 multi-billion dollar company that apparently might be using a product that contains my code, or maybe they have customers who do. Who knows? ... Tweet mentioned above: https://twitter.com/bagder/status/1484672924036616195 If you are a multi billion dollar company and are concerned about log4j, why not just email OSS authors you never paid anything and demand a response for free within 24 hours with lots of info? ... --- Richard Stallman stresses the importance of freedom, and many people follow his instructions. This kind of episode makes me wonder: is freedom enough? We tell people: "It's free as in freedom, not as in free beer." While I don't object to this slogan, I must point out that in reality, the vast majority of free software users get it for free, without paying anything for it. When you get something for free, you are supposed to say thanks. With free software, many people fail to do that. I fear lack of gratitude, in wholehearted emotion as well as outward expression, will have consequences. It's rude not to say thanks. Some people try to justify rudeness with claims like this: "This isn't sophisticated. It didn't take much skill or effort to make. It's not important." If this is not accurate, it can lead to trouble for those affected, including the good-willed author who released his work under a free license.