Comment by tptacek

Comment by tptacek 4 days ago

You needed to have a security contact on your website, or at least in the repo. You did not. You assumed security researchers would instead back out to your GitHub account's repository list, find the .github repository, and look for a security policy there. That's not a thing!

I'm really surprised you wrote this.

qualeed 4 days ago

>I'm really surprised you wrote this.

I agree with the rest of your comment, but this seems like a weird little jab to add on for no particular reason. Am I misinterpreting?

  • tptacek 4 days ago

    No, there's some background context I'm not sharing, but it's not interesting. I didn't mean to be cryptic, but, obviously, I managed to be cryptic. I promise you're not missing anything.