Good decision.

I don't think it will stop the slop though 😔

thanks for curl! ❤️

did the "bad faith" genre grow with the introduction of AI?

I totally understand the move. When running web apps with bounties this has been an issue even before AI as there are so many things of little to no value one can report.

Anyway just saw you'll be at FOSDEM, looking forward to see you rant about sloppy security reporters in person ;)

Hello @bagder ,
I wonder if moving to a less crowded code hoster might lower the maintenance burden related to AI crap ?
I am sure you are aware of @Codeberg for example.

At @backintime we also have to deal with low-quality (student) and AI-crap PRs. Moving the project to @Codeberg is one item of my todo list.

For all #foss maintainers I hope we can find a way.

First: we have not cut anything, we have a proposal about doing it end of January.

Then: we plan to shut down the curl bug-bounty, which is what pays security researchers for reported confirmed security vulnerabilities. Today we get those reported through Hackerone.

There is no perceived problem in the curl project related to issues or PRs on GitHub and we do not intend to change anything in regards to them at this point.

(cont)