
@ LisPi
2025-03-03 12:27:10
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqfvuj00vj7tqhpg9xxq55lnjc6f6svsy2dpp40mjqrp9t0tenng9sfhu6d8 nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq5cduqertz3tg25dgp48rkvq9qwsvlv0324g82kedy5dmu77q345sv8qcga Arguably by not integrating upstream's questionable features (which in some cases include new vulnerabilities), they can make it safer.
Upstream continuously making such increases the load on forks, as it makes cherry-picking and backporting security fixes harder.
That being said, a lot of the forks apparently mitigate this by simply gating off/disabling the vulnerable feature in the interim while a proper fix is being backported.