Ask HN: Are other operating system maintainers also receiving a lot of security vulnerability spam?

2 | by: majora2007 | 13 days ago
I'm being hit with small, nitpick security vulnerabilities, like being able to IDOR profile images for other users on self-hosted software.

Then the submitters are spamming me to release a vulnerability, despite me messaging stating the next release will trigger the release (there are no release dates for my product, but usually every 3 months).

It's becoming overwhelming. What practices are other maintainers putting in place?