-
@ akkoma stuff
2025-03-01 16:53:28
without wanting to sound too hecked off on public channels, we have without fail report vulnerabilities we find to pleroma
a smaller attack surface is better for all of us, even if we don't agree with how they run things over there. we don't wish harm on them,
so if we can help them out a bit, we do
this includes the security part of today's 3.15.0, we told them we had found a vulnerability, and shared our fixes
they neglected to reciprocate and did not inform us of a very, very critical bug they found. this has caused me to have to rush a hotfix out today.
i don't want to have to rethink our developer relationship with them, but it does feel awfully one-sided about now. this has happened a concerning number
of times.