daniel:// stenberg://

1 month ago

daniel:// stenberg://
1 month ago

For your amusement, let me quote a selected phrase from a #curl related hackerone comment I just submitted.

"IT IS AND WAS NOT A SECURITY PROBLEM. You are still wasting our time."

(The reporter reported he could access the git repository using .git on the curl.dev site. A static site with a public git repository. Shocking.)

Sorry, but sometimes things need to be said using all caps.

#curl

in reply to daniel:// stenberg://

p

in reply to daniel:// stenberg:// 1 month ago

really, your response could just be "pebkac", but I get the impression you are too kind
@bagder

@daniel:// stenberg://

in reply to daniel:// stenberg://

daniel:// stenberg://

in reply to daniel:// stenberg:// 1 month ago

this reporter has 2800+ reputation on hackerone (which is rather a lot) with numerous claimed verified vulnerabilities in his track report but apparently felt terribly hurt when I immediately shut down this nonsensical claim.

Sloppy reporting should be stomped down.

in reply to daniel:// stenberg://

Leah

in reply to daniel:// stenberg:// 1 month ago

how is being able to access a public git repo a security problem its not like curl is closed source

in reply to Leah

daniel:// stenberg://

in reply to Leah 1 month ago

@otter it's not

@Leah

in reply to daniel:// stenberg://

spv

in reply to daniel:// stenberg:// 1 month ago

@bagder

@daniel:// stenberg://

⇧

daniel:// stenberg://

daniel:// stenberg:// 1 month ago • •

p

daniel:// stenberg://

Leah

daniel:// stenberg://

spv

daniel:// stenberg://
1 month ago