Azzu@lemmy.dbzer0.com 8 months ago
Why make a Lemmy post about this and not just a GitHub issue?
Just for the hell of it, I don’t know about OP, but I don’t even know how to.
I went to the relevant linked section and couldn’t find a way to raise an issue directly. I’m going to try again, and if I succeed I’ll return here and make a top level comment for anyone scrolling by and wondering. I’ve never tried to do this before, so I’ll see how it goes.
OP managed to find the bug. He knows how to fix it. Obviously he’d know how to make an issue about it, and probably even know how to contribute his fix that he already made in the official way to the open source project.
You do not possess these skills so obviously you’re not the one who should make the issue.
Yet he decided to somehow create this public post highlighting something that could be sketchy to try to publicly discredit the devs. There is no other reason to do it like this.
If it could be sketchy the public should know about it.
The people that didn’t change their password after it getting leaked should also know about it and update their info.
Whistleblowers like Op are doing the right thing. No blind faith in some dear leader.
Because the main Lemmy devs are authoritarian assholes.
I think it should be more public knowledge than just people who peruse the github issues. Also, it’s so trivial to fix that it will save them some time if they don’t have to close the issue after they spend literally 10-15 seconds fixing it.
There is no other reason to do it like this in a Lemmy post other than you want to publicly discredit the devs somehow. This is quite obviously a mistake and not a way to harvest admin passwords. Just fixing it and not trying to stir up shit would have been the right thing to do.
“Why would I get the notice through the proper means where they can fix it, when I can make a public post that doesn’t actually solve the issue at hand?”
The same thing as people who think reddit threads are bug reports.
I frequently make bug reports and contributions to all kinds of software. If this wasn’t something that impacted people’s security and trust evaluation, that’s exactly what I would have done.
Put it this way: If Android, or Outlook or whatever, was sending your admin password home to Google or Microsoft, and then people showed up to say it was probably an innocent mistake and why are you even making a big deal about it, just report it and let them fix it instead of creating drama, that would be absurd. That’s how I feel about the people here telling me the same thing.
I think you should also make a GitHub issue too
It would literally take me longer to make the github issue than it would take them to fix it, by quite a big margin. You can make one for it, if you still feel super-strongly about it though.
And look at how much time you wasted defending your position to not post a github issue. Fucking unbelievable that you will publicly complain but NOT bring the issue up with the devs
Fuck people like you
I could have that PR up in like 5 minutes. And poop while I was doing it.
It literally takes a minute to make a GitHub issue and you could have linked it here for your conversation. Probably would have helped the admins of ml change things. Especially considering that things like this get overlooked all the time in open source projects.
I am a lazy unreliable person. But I find value in what you found and want it fixed.
If you don’t do it, it probably will not get fixed so fast
lorty@lemmy.ml 8 months ago
Why try to fix the issue if you can just farm some drama?