If you think about this situation as a funnel, the number of apps that are vulnerable to this particular security issue is probably 0. But is it a security issue? Yes.

The ratio of "amount of required effort" (which includes risk of messing up the release) vs "actual impact on the world" is extremely off. "Why do I have to do all this effort / paperwork for something as minor as this?" is what I say to myself.

Aaron Patterson ✅

If the situation were just "high pressure" that would be fine, but if you make mistakes (or even if you don't) people get upset. Working in this kind of environment makes it really hard for me to square the circle of encouraging people to work in Open Source.

d

@tenderlove And the juggling of the priority of dozens of these.

drenmi

@tenderlove

OP: “There is a security issue.”
Me: “You are _technically_ correct.”
OP: “… The best kind of correct.”
