Sinonatrix
@Sinonatrix@hexbear.net
- Comment on GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say 4 days ago:
I hate sitting out a GitHub bash, but they’re entirely right and neither of those are vulnerabilities; HackerOne isn’t for arguing over design.
Important projects should use signed commits, and there should be a giant red flag raised when repositories are force-pushed IMO, but those are two different issues, neither of which can be cashed in for a bug bounty.