I'm sorry but I have no sympathy. I turn down real jobs to work on my hobby. Why won't anybody pay me??
What does he expect to happen? I really don't get it. If you like to work on opensource. Sure, do your thing. But if the benefit in CV building and personal satisfaction are not enough, why don't you stop doing it?
Whether you know it or not, you have used libjpeg-turbo. In fact you are probably using it every day, it's just behind the scenes, just like openssl is.
These projects deserve funding, if at least from giants like facebook & co.
> These projects deserve funding, if at least from giants like facebook & co.
Absolutely.
Looking at:
https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/...
one wonders what possible harm could come from leaving image decompression buffer faults from maliciously crafted jpegs in popular browsers and software unattended.
> one wonders what possible harm could come from leaving image decompression buffer faults from maliciously crafted jpegs in popular browsers and software unattended
This is yet another reason a switch to a memory-safe language like unsafe-free Rust is highly imperative.
WUFFS is a special purpose language for Wrangling Untrusted File Formats Safely:
WUFFS pays a high price (loss of generality) for a valuable reward (compile time assurance of memory safety, very high performance) and it makes no sense for people to hand roll this sort of software in C when they should use WUFFS.