Nah, c suite was pretty clearly in the right here. Dude left because he was pissed that a vulnerability got assigned a CVE instead of just… Not informing anyone so they could quietly fix it.
Have you looked into the CVE? Apparently it is a non issue. You could use it to dos a service that have an experimental feature enabled, which is disabled by default, on a non stable Version. I understand the dev. CVE should be for serious issues. And they alerted their users over an email list
It can be used for dos, as it is crashing workers, but they will be restarted anyway.
It’s an experimental feature. It doesn’t need a bugfix release because you’re not supposed to run it in production, and it’s just a DoS, not privilege escalation or something
Seems like open source can’t go a week without drama caused by c-suite lately.
Seems like corporate greed can’t go a week without enshitting on a open source project.
You could have ended that sentence with enshitting and still been correct.
Nah, c suite was pretty clearly in the right here. Dude left because he was pissed that a vulnerability got assigned a CVE instead of just… Not informing anyone so they could quietly fix it.
Have you looked into the CVE? Apparently it is a non issue. You could use it to dos a service that have an experimental feature enabled, which is disabled by default, on a non stable Version. I understand the dev. CVE should be for serious issues. And they alerted their users over an email list
It can be used for dos, as it is crashing workers, but they will be restarted anyway.
It’s an experimental feature. It doesn’t need a bugfix release because you’re not supposed to run it in production, and it’s just a DoS, not privilege escalation or something