|
|
|
|
|
|
by zeveb
1 hour ago
|
|
|
> If a security vulnerability is reported by someone who is also violating the CoC, what do you do? Do you ignore it? Fix it silently? Is this even a question? You triage and fix the vulnerability just like any other one. Are truths spoken by folks one dislikes — even for perfectly valid reasons — any less true? The only way I can imagine this somehow applying is if someone has a habit of reporting vulnerabilities which do not exist, or of exaggerating their severity. Is crying wolf a CoC violation? If so, then I can imagine that particular sort of bad behaviour justifying some consideration before acting on a report. |
|
|