| ▲ | zeveb 5 hours ago | |||||||
> If a security vulnerability is reported by someone who is also violating the CoC, what do you do? Do you ignore it? Fix it silently? Is this even a question? You triage and fix the vulnerability just like any other one. Are truths spoken by folks one dislikes — even for perfectly valid reasons — any less true? The only way I can imagine this somehow applying is if someone has a habit of reporting vulnerabilities which do not exist, or of exaggerating their severity. Is crying wolf a CoC violation? If so, then I can imagine that particular sort of bad behaviour justifying some consideration before acting on a report. | ||||||||
| ▲ | fragmede 4 hours ago | parent | next [-] | |||||||
How badly are they violating the code of conduct? It wouldn't be the first time a security researcher got thrown into prison or jail, in this line of work. | ||||||||
| ▲ | calvinmorrison 5 hours ago | parent | prev [-] | |||||||
Will xorg backport patches from Xlibre? | ||||||||
| ||||||||