mhink | 1 year ago

Given the brevity of the security report, I figure the author wanted to get the relevant details about the *incident* posted as fast as humanly possible. However, it does seem appropriate to acknowledge that just because they're being terse doesn't mean they don't understand how big of a mistake it was.

That being said, I would also strongly expect a more in-depth blog post following up, with details about just the sort of thing you're mentioning.

smallnix|1 year ago

I understand the interest in this bug, but to my understanding this is an unpaid hobby project?

If that's true I don't feel entitled to expect anything here.

mort96|1 year ago

I think your parent comment used "expect" to mean "predict" rather than "demand"?

lupire|1 year ago

You can expect anything you want in software you use, and choose not to use software that fails to meet expectations.

A software author who takes pains to publish his work and who accepts financial donations is likely interested in maintaining his reputation and improving his skill and quality.

Finally, security bugs are in a class of their own. Giving out free junk is OK. Giving out free secret poison is not.