zlacker

[return to "F-Droid Fake Signer PoC"]
1. panny+CV[view] [source] 2025-01-04 10:29:43
>>pabs3+(OP)
I don't like people like this. They do the work of finding a bug, but rather than try to fix it, they grandstand and shout about how bad the thing they obviously enjoy is no good at all. If I find a vulnerability in code I enjoy, I work to fix it and then only after my ironclad fix is applied, do I mention that it existed and that I fixed it so it can never be exploited again.

"Security researchers" IMO are the most cringe and worst examples of community members possible. They do not care about making things better, they only care about their own brand. Selling themselves, and climbing the ladder of embarrassed hard working people who do things for the love of doing.

◧◩
2. int_19+1S1[view] [source] 2025-01-04 20:36:41
>>panny+CV
Per the write-up, they only went public with details of this exploit after F-Droid merged the "fix" that didn't actually fix the problem despite having been warned that it will not, and despite being told what they actually need to do to fix it properly.
[go to top]