Typical reasonable disclosure is in terms months usually, not “nearly a week”. OP is being irresponsible at best by posting this before giving time to the developers to see, and act on it.
Just a random guy.
- 1 Post
- 33 Comments
Joined 1 year ago
Cake day: June 24th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Thank you, I was going to write one up tonight for it. You emailed security @ correct? https://github.com/LemmyNet/lemmy/security/policy
OP doesn’t seem interested in that. They state they “sent a vulnerability a week ago” and didn’t hear back so they are being completely irresponsible and posting about it publicly on a community instead.
If you find a way to disclose vulnerabilities without being ghosted by Lemmy developers: update me.
How have you been “ghosted by Lemmy developers” especially if you “do not use GitHub”
4·1 year agoI mean, maybe it’s because I’m not overly paranoid or live in the US, but this doesn’t seem like a big deal at all.
As for the “drama” of them telling someone they can unfollow, it’s true. It’s again, not a big deal.
This screams people trying to make a mountain out of a molehill.
I ended up just hosting my own Searxng instance. Seems a lot easier to control and not be dependent on how someone else has theirs set up.
My favorite part is when it finally becomes somewhat less overloaded, and my instance gets flooded with a bunch of posts from there filling the entirety of my front page, and the second page…
Thank you I’ll look into it.
5·1 year agoI’m guessing the latter.
Or a farmer
playing withusing explosives to remove a trunk.
That’s great news! Hopefully it releases soonish.
I’m the only one here.
Not only annoyingly slow, but I tend to get a massive influx of posts from one community all at once. It fills my entire page with that single community. It’s been my biggest annoyance so far.
0·1 year agoThat’s awesome, now I just have to figure out how to convince my wife to let me do it.
All good
6·1 year agoWhat does this have to do with the fediverse? I don’t want American political bullshit cluttering my feed like happened on that other site with literally every sub.
Sorry I’m just frustrated as a lot of communities have become nothing but the latest reddit drama. I’m just hoping that doesn’t happen with this one too.
This is great and all, but what does it have to do with /c/piracy ?
There are many other communities about whatever the latest reddit drama is, please don’t let this sub become like some others that are flooded with nothing but reddit drama
I’m using a cloudflare tunnel for it. I also have crowdsec installed, only allow ssh keys and only from my IP (I have a static from my ISP), and no ports open other than the ones needed.
It absolutely does, it also means following up, not “They didn’t reply in a week so instead of trying other ways to contact them, I’m just going to post about it”. They didn’t even try to open an issue because they “don’t use github” all while coming here talking about how bad the vulnerability is.
It’s poor (lack of) judgement on OP’s part.