Discussion
daniel:// stenberg://
@bagder@mastodon.social  ·  activity timestamp 3 days ago

It is our moral imperative to consider the "real world" and actual users when assessing the possible security impact of a reported #curl issue. If we deem that there is likely to be zero affected users, then we do more damage than good by insisting on doing the secure dance for the issue.

Then we end up with a severity level that is below LOW, and then we treat it as a bug instead. For the good of mankind.

Hans de Graaff
@graaff@ruby.social replied  ·  activity timestamp 3 days ago

@bagder As a downstream we thank you for this pragmatism.

StoneBear :potion_genderqueer:
@stonebear2@hachyderm.io replied  ·  activity timestamp 3 days ago

@bagder Which has the knock-on effect of freeing time that would be done dancing security to, you know, _fix bugs_... winner!

daniel:// stenberg://
@bagder@mastodon.social replied  ·  activity timestamp 3 days ago

@stonebear2 yeah, at least as long as waving off the incoming tsunami doesn't eat all my time and energy...
