godelski 4 days ago
This user said almost the same thing[0], so I'll refer you to that. In short, RTFM. The first paragraph says "refuses to help programmers __OR__ gives them code with major security flaws". I hope we know the difference between && and ||. Also, I'm requesting people post their replication efforts. What is it that you care about? The facts of the matter or finding some flaw? The claims are testable, so idk, I was hoping a community full of "smart people" would not just fall for knee-jerk reactions and pull shit out of their asses? It doesn't take much effort to verify, so why not? If you get good evidence against the WP you have a strong claim against them and we should all be aware. If you have evidence supporting the claim, then shouldn't we all also be aware? Even if not strong we'd at least be able to distinguish malice from stupidity. Personally, I don't want to be some pawn in some propaganda campaign. If you're going to conjecture, at least do the bare minimum of providing some evidence. That's my only request here.
PeterisP 4 days ago
It's just that out of these two claims only one is interesting and worth talking about (and that's the one mentioned in the title). Thank you for your testing! That's a bunch of effort which I didn't do - but checking the other claim is much more difficult; a refusal is clearly visible, but saying whether out of two different codebases one is systematically slightly less secure is quite tricky - so that's why people are complaining about the lack of any description of the methodology of how they measure that, without which the claims actually are not testable.