by throwa356262 48 days ago
The growing popularity of the project + an increase of AI-powered security enthusiasts submitting random bugs has created a HUGE backlog for the Forgejo security team.

Instead of acting like this, the author should offer to help the project.

2 comments

I think the author would argue they did try to do so, but their efforts were poorly received.
The author doesn’t owe Forgejo anything. They are doing them a favor by highlighting the issues.
No, the author is seeking attention. He is not doing Forgejo or their users any favours by completely ignoring the rules of engagement.

https://en.wikipedia.org/wiki/Coordinated_vulnerability_disc...

coordinated disclosure has always been a courtesy (with a deadline to motivate the vendor to fix their stuff) and i don't like how people seem to just expect it now