Forum: RetroDigital BBS

[$] Forgejo "carrot disclosure" raises security questions

From LWN.net@618:250/24 to All on Sat May 9 06:40:09 2026

An unusual, some might say hostile, approach to disclosing an alleged remote-code-execution (RCE) flaw in the Forgejo software-collaboration platform has
sparked a multifaceted conversation. A so-called
"carrot disclosure" in April has raised questions about the
researcher's methods of unveiling a security problem, Forgejo's
security policies, and the project's overall security posture.

https://lwn.net/Articles/1071499/
--- SBBSecho 3.37-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)

Who's Online
Recent Visitors
- Vintagegeek
  Tue May 12 12:24:50 2026
  from Swarthmore, Pa via Telnet
- Rwe
  Mon May 11 13:28:11 2026
  from Europe via HTTPS
- Rwe
  Mon May 11 12:54:03 2026
  from Europe via Telnet
- Vintagegeek
  Sun May 10 14:06:07 2026
  from Swarthmore, Pa via Telnet

System Info

Sysop:	deepend
Location:	Calgary, Alberta
Users:	308
Nodes:	10 (0 / 10)
Uptime:	00:03:09
Calls:	2,544
Calls today:	1
Files:	5,947
D/L today:	128 files (25,814K bytes)
Messages:	472,340

Synchronet Oneliners
- Tsukaj@rdbbs
  Tue Mar 17 22:27:28 2026
  hell yeah this is so cool
- Ecjonas@rdbbs
  Tue Mar 31 06:08:47 2026
  Fedora be nice, i think
- Vintagegeek@rdbbs
  Wed Apr 1 09:46:05 2026
  Happy April 1st
- Vintagegeek@rdbbs
  Mon Apr 6 06:47:06 2026
  5 4 3 2 1 Lift Off
- Madprops@rdbbs
  Mon May 4 04:03:30 2026
  ay caramba
- Vintagegeek@rdbbs
  Wed May 6 17:48:32 2026
  Remember the Alamo