by seeekr
1252 days ago
I'm confused by the fact that there's no mention of interaction with the Hyper project's authors. I'm fairly certain that Sean & contributors will want to address the underlying issue, if they haven't already done so (clearly they were describing the potential for misusing the Hyper API very directly in the docs!), and pointing that out and clearly stating when and how that has been or will be addressed would shine a much more positive light on everyone, including the security researchers. I see that there's a 1.0 RC release and the offending API seems to have changed and is probably not amenable to this type of misuse any more. The article authors could have easily added some info about that -- I certainly would have appreciated not having to go looking for that myself.
Perhaps the view taken is that this isn't a hyper problem? i.e. hyper is open and unrestricted by design, and it is the package user's responsibility to not point said unrestricted gun at their foot.
Agree, though, that either way some mention of hyper interaction would be good here.