We did the due-diligence to announce both the devs and the users. 'Known' is a strong word, and we did not do any vulnerability proving for those ~130 apps.
Not all apps that have a dependency with a known vulnerability are vulnerable themselves.
The power of FOSS is the community around the open code, our 'many eyes' are needed in the packaging department, hope you and others are doing your part too.
F-Droid /
npub1mt…mtrt0
2024-06-04 06:24:22
in reply to nevent1q…rltk
Author Public Key
npub1mtrk3vl7546q9c4lf0k62nkaypanv6t95gyh32f5jp63ffalu98s4mtrt0Seen on
wss://relay.nostr.bandPublished at
2024-06-04 06:24:22Event JSON
{
"id": "f30276e7a762289db8a48dcb75b90b298b337a2e53211b4513d5f3a6ae470dbf",
"pubkey": "dac768b3fea57402e2bf4beda54edd207b366965a20978a934907514a7bfe14f",
"created_at": 1717482262,
"kind": 1,
"tags": [
[
"p",
"5a82134f5134517100ccf158ef61abb7ea7d26640ee429123b1bec4460bfb79a"
],
[
"proxy",
"https://floss.social/@fdroidorg/112556917538718787",
"web"
],
[
"p",
"dac768b3fea57402e2bf4beda54edd207b366965a20978a934907514a7bfe14f"
],
[
"e",
"65ac399143b376fd29f13f84b29b41b31890bb246ad3ffea26d9135e65af46a6",
"",
"root"
],
[
"e",
"962edb1667a6b998f590b5d6e5200581f28087af8ce7094a5c44e2f3d529436c",
"",
"reply"
],
[
"proxy",
"https://floss.social/users/fdroidorg/statuses/112556917538718787",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://floss.social/users/fdroidorg/statuses/112556917538718787",
"pink.momostr"
]
],
"content": "We did the due-diligence to announce both the devs and the users. 'Known' is a strong word, and we did not do any vulnerability proving for those ~130 apps. \n\nNot all apps that have a dependency with a known vulnerability are vulnerable themselves.\n\nThe power of FOSS is the community around the open code, our 'many eyes' are needed in the packaging department, hope you and others are doing your part too.",
"sig": "dbe8e64f61ebc47f3365f7a20ca6618ba683f1e163d7a5e89dbfe4b57e212bbf04faef07a9fa6031c4403e65069163036f9498a9a03c03f785e929fd63d4a06d"
}