| fungi | interesting policy i haven't seen before... the fontforge maintainers summarily reject "security reports without an accompanying fix" https://www.openwall.com/lists/oss-security/2026/04/16/5 | 16:48 |
|---|---|---|
| fungi | aha! according to https://github.com/fontforge/fontforge/wiki/Community-guidelines#D1 it's because they have decided that hardening it against untrusted input is not a goal of the project | 16:50 |
| fungi | so this is similar to our situation with qemu-img i guess, where the upstream maintainers say not to pass untrusted files to their software | 16:51 |