
Since I published Carrot disclosure: Forgejo two days ago, numerous things happened:

- Friends of mine were reached out to, to "talk to me from a place of trust", or simply to tell them what a horrible person I am, which they found hilarious.
- The toot linking to the blog post was removed from infosec.exchange by an overzealous moderator after it had been reported multiple times by multiple people. I thus moved to mastodon.social, where it was also removed with "Irresponsible disclosure" given as a reason. So I moved back to infosec.exchange, where the toot was restored.
- Numerous instances of the eternal vulnerability disclosure debate spawned.
- Some exploit-writer friends of mine complained that I brought unwanted attention to an easy target.
- The Netherlands deployed a sovereign software forge in the form of a public Forgejo instance.
- Everyone had an opinion on Mastodon on this, especially on what I should do with the vulnerabilities I found, and was really vocal about it.
- I also got…
