[$] Forgejo “carrot disclosure” raises security questions
An unusual, some might say hostile, approach to disclosing an alleged
remote-code-execution (RCE) flaw in the Forgejo software-collaboration platform has
sparked a multifaceted conversation. A so-called
“carrot disclosure” in April has raised questions about the
researcher’s methods of unveiling a security problem, Forgejo’s
security policies, and the project’s overall security posture. ⌘ Read more