What you may be missing is that they develop on github and that activity is public. The bad guys can already see security updates going in, pre-release. You seem to believe that if they don't release a security update on 4 July, that the bad guys won't know that there is an exploitation opportunity. They can already see the development work.
Now, if they had a larger team they could have a separate private git version for the really sensitive stuff, and a process for quickly pushing it into the public version for release. But until recently the core team was two people; now it's three. Perhaps this makes it a toy in your mind, but since the only alternatives are billionaire-owned surveillance/advertising systems I guess this is the best we are going to get.
Joe /
npub1wc…qdgz2
2024-07-04 18:37:39
in reply to nevent1q…kzl9
Author Public Key
npub1wc5dayhk6slu44gj78xl5ec6gjpgghywcy40zemgcpg9evwkza8qxqdgz2Published at
2024-07-04 18:37:39Event JSON
{
"id": "5e6129572b563afa44b601a5310d7829fe746cb46b66331c727dc4ab19c019c5",
"pubkey": "7628de92f6d43fcad512f1cdfa671a4482845c8ec12af16768c0505cb1d6174e",
"created_at": 1720111059,
"kind": 1,
"tags": [
[
"p",
"f8347ec37d9f23959ba62dd8391fbcade87a7c071205c96f890432e5c047a6ed"
],
[
"p",
"43299b31d81dc368dc620a7d0cf2e830d3b1788661afe2e163bce11f8388dede"
],
[
"p",
"7628de92f6d43fcad512f1cdfa671a4482845c8ec12af16768c0505cb1d6174e"
],
[
"e",
"e33ec1d2c1157f90cbe4c5538b992a657ce34a2a1e311f200174ba21f3c6871c",
"",
"root"
],
[
"proxy",
"https://sfba.social/@not2b/112729198369613615",
"web"
],
[
"e",
"7abc489440d3a8c0e82ae76095ccfd71d57e5a68c8a2b68c11b6af2c39709d34",
"",
"reply"
],
[
"proxy",
"https://sfba.social/users/not2b/statuses/112729198369613615",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://sfba.social/users/not2b/statuses/112729198369613615",
"pink.momostr"
],
[
"expiration",
"1722703214"
]
],
"content": "What you may be missing is that they develop on github and that activity is public. The bad guys can already see security updates going in, pre-release. You seem to believe that if they don't release a security update on 4 July, that the bad guys won't know that there is an exploitation opportunity. They can already see the development work.\n\nNow, if they had a larger team they could have a separate private git version for the really sensitive stuff, and a process for quickly pushing it into the public version for release. But until recently the core team was two people; now it's three. Perhaps this makes it a toy in your mind, but since the only alternatives are billionaire-owned surveillance/advertising systems I guess this is the best we are going to get.",
"sig": "0cf14f73332d264350d9f6f82dd93ebcb1080e3dc9919fb7f9176fe876c9197ad45135230f38536bee13b6c829de7275652e69761702a4860326e43c1764c818"
}