Catanzaro: Do you trust this application?

Michael Catanzaro lamentsthe poor level of security provided by free-software applications,focusing on TLS verification issues in particular."In the case of Shotwell, the issue has been fixed in git, but itmight never be released because nobody works on Shotwell anymore. Iinformed distributors of the Shotwell vulnerability three months ago viathe GNOME distributor list, our official mechanism for communicating withdistributions, and advised them to update to a git snapshot. Mostdistributions ignored it. This is completely typical; to my knowledge, thestable releases of all Linux distributions except Fedora are stillvulnerable."