new | show | ask | jobs Github

littlecranky67 4 days ago

What is the motivation behind posting such things? I understand if there is a bug bounty program, does cURL have one?

▲

sailorganymede 4 days ago | parent | next [-]

So you can put this on your resume:

Open Source Contributor: - Diagnosed and fixed a key bug on Curl

▲

netsharc 4 days ago | parent [-]

Hah, the opposite of "AI" meaning "Actually Indian"... "Here's my CV, but actually all my work will be done by AI".

With apologies for stereotyping.

	▲	palmotea 4 days ago \| parent [-]
		> "Here's my CV, but actually all my work will be done by AI". What AI did you use? Because we want to hire that, not you. If AI exceeds human capabilities, it won't because it achieved "superintelligence," it will because it caused human abilities to degrade until the AI looks good in comparison.

▲

vdupras 4 days ago | parent | prev | next [-]

What if it was some kind of "meta DDoS"? I mean, you can DDoS a server with simple requests, but here the effect is meta: it "DoS"es real humans. What if someone had something to gain from doing this? The tools to do this seem to all be there.

▲

progbits 4 days ago | parent | prev | next [-]

Yes they do. But I also wonder why curl seems to get so many of these. They don't have the highest payouts, have been around for long time so presumably most low hanging fruit the AI has even a remote chance of finding was fixed, and they are well known to be on the lookout and strict about AI reports.

	▲	jmuguy 4 days ago \| parent [-]
		Might be easier for AI to generate this specific bullshit because of curl's long history.

▲

ceejayoz 4 days ago | parent | prev [-]

https://curl.se/docs/bugbounty.html