JLLeitschuh commented on PR #228:
URL: https://github.com/apache/jspwiki/pull/228#issuecomment-1272316873

   > I have to say that I find this kind of PRs disrespectful and irresponsible
   
   I'm sorry to hear that you feel disrespected. That was not my intention. 
Please forgive me.
   
   > Sending bulk e-mails is very similar to how spam works.
   
   > For ASF projects, you can directly follow up with these instructions; 
since there are more than 200 ASF projects, plus the incubating ones, surely 
that's worth automating.
   
   I'm struggling to understand what you're asking for here with these two 
comments. They seem to contradict each other.
   
   > Please respect everybody else's time, which will probably be as scarce and 
valuable as yours, and play nice. Think of it as if part of your security 
research involves time on those tasks.
   
   I fully recognize that Open Source is "free as in free puppy". I've been an 
open source developer for many years. I believe that users of open source can't 
have any expectations of open source maintainers (the software is freely made 
available without a contract), but unfortunately that also means that there can 
be no expectations around anyone in the OSS community, including security 
researchers.
   
   > Every other vulnerability report that we have received has done that, so 
sending a security report without checking is somewhat disrespectful to other 
security researchers.
   
   AFAIK, no other security researcher has attempted to disclose and fix 
vulnerabilities at this scale before. I'm forging a new path, and I fully admit 
I may have gotten it wrong in places, but I am taking feedback like yours into 
consideration. I'm sorry that this upset you so much.
   
   If you'd like to set up some time to discuss your feelings and potential 
solutions in more detail, feel free to grab a slot on my calendar. I'm more 
than happy to chat.
   
   https://calendly.com/d/g5x-jtk-653/one-off-meeting
   
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
