Rich Felker on Nostr: Heads-up FOSS maintainers! There is a person sending bulk patches/PRs to FOSS ...
Heads-up FOSS maintainers!
There is a person sending bulk patches/PRs to FOSS projects for supposed issues "Found by RASU JSC" (not sure if that's a static analysis tool itself, or some org).
The patches I've received are all very, VERY wrong formulaic changes, maybe even LLM-generated, doing things as stupid as replacing sprintf(s, fmt, ...) with snprintf(s, sizeof s, fmt, ...) where s has pointer type.
If you've accepted any such patches, review carefully & possibly revert!
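An added example (not code from the post or from any of the projects that received these patches) showing concretely why the substitution described above is wrong. When `s` is a pointer parameter, `sizeof s` is the size of the pointer itself, not the size of the buffer it points to, so the mechanically "hardened" call silently truncates its output to a handful of bytes. The function and variable names are assumed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The pattern the bulk patches introduce: sprintf(s, ...) rewritten as
 * snprintf(s, sizeof s, ...). With `s` declared as a pointer parameter,
 * sizeof s == sizeof(char *) (typically 8), NOT the destination capacity,
 * so anything longer than 7 characters is cut off without any error. */
int format_with_sizeof_pointer(char *s, const char *name)
{
    return snprintf(s, sizeof s, "user=%s", name);
}

/* Correct form: the callee cannot recover the buffer size from a pointer,
 * so the caller must pass the real capacity explicitly. */
int format_with_real_size(char *s, size_t cap, const char *name)
{
    return snprintf(s, cap, "user=%s", name);
}

/* Returns the bound snprintf actually used in the broken version, so a
 * reader can see it equals the pointer size rather than the buffer size. */
size_t bogus_limit(void)
{
    char *s = NULL;
    return sizeof s;        /* sizeof(char *), independent of any buffer */
}

int main(void)
{
    char buf[64];           /* constructed sample destination buffer */

    format_with_sizeof_pointer(buf, "alice-longname");
    printf("sizeof-pointer version: \"%s\" (limit was %zu bytes)\n",
           buf, bogus_limit());

    format_with_real_size(buf, sizeof buf, "alice-longname");
    printf("real-size version:      \"%s\" (limit was %zu bytes)\n",
           buf, sizeof buf);
    return 0;
}
```

Note that `sizeof s` is only meaningful when `s` is an array in the current scope; once it has decayed to a pointer (every function parameter, every heap allocation) the expression no longer describes the buffer. A practical review check for patches of this kind is to confirm, for every `sizeof` passed as an snprintf bound, that its operand is an array declaration visible at that point and not a pointer.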
Published at 2024-03-24 19:39:34
Event JSON
{
  "id": "ae29a171e12ca2d77a6bff4c8d4002d02833b82a7ace9e9827f4ef7b569dc251",
  "pubkey": "d0d29fd9819bb2d14b5a485e42e4ef1c559ba30e320f3b3e54785aa2ffc5974f",
  "created_at": 1711309174,
  "kind": 1,
  "tags": [
    [
      "proxy",
      "https://hachyderm.io/users/dalias/statuses/112152358053667373",
      "activitypub"
    ]
  ],
  "content": "Heads-up FOSS maintainers!\n\nThere is a person sending bulk patches/PRs to FOSS projects for supposed issues \"Found by RASU JSC\" (not sure if that's a static analysis tool itself, or some org).\n\nThe patches I've received are all very, VERY wrong formulatic changes, maybe even LLM-generated, doing things as stupid as replacing sprintf(s, fmt, ...) with snprintf(s, sizeof s, fmt, ...) where s has pointer type.\n\nIf you've accepted any such patches, review carefully \u0026 possibly revert!",
  "sig": "93c255db24d707f0a80c26c5cc2bd1af111ebf44fc6a73e64efade8dfc61279d35f3ffb78df86c47528778ab8ceca29ab17d8e6d11ae4cdef52d08459edfd705"
}