Got another one of those "your project has a vulnerability!" e-mails, about the old Mailpile code-base.
Sometimes I ignore these (especially if they are fishing for bounties), sometimes I engage... it depends. In my experience they are almost always wrong and it can be a bit tiresome to keep explaining why their heuristics are wrong.
In this case they were claiming we were making insecure, unverified TLS connections.
So I kinda had to respond! (1/n)
Bjarni |grep -i tech /
npub1ld…cewpp
2023-07-28 16:18:36
Author Public Key
npub1ld3dsut48c5f2q3sql5wfpznt6fvkelmq9yqk7the9tmq6fnk2rqqcewppPublished at
2023-07-28 16:18:36Event JSON
{
"id": "1d91b56e529dbd2feba250a57a6219c60d8f5232a7c0fb51e53f6a85d00d764a",
"pubkey": "fb62d871753e2895023007e8e484535e92cb67fb01480b7977c957b06933b286",
"created_at": 1690561116,
"kind": 1,
"tags": [
[
"mostr",
"https://floss.social/users/HerraBRE/statuses/110792613300496430"
]
],
"content": "Got another one of those \"your project has a vulnerability!\" e-mails, about the old Mailpile code-base.\n\nSometimes I ignore these (especially if they are fishing for bounties), sometimes I engage... it depends. In my experience they are almost always wrong and it can be a bit tiresome to keep explaining why their heuristics are wrong.\n\nIn this case they were claiming we were making insecure, unverified TLS connections.\n\nSo I kinda had to respond! (1/n)",
"sig": "9953a83e4e8962fdf1adac7c354ab2cf72b209b7ea4729bbb03bdc96bac9ee21e3b7a732f7968759cb7573de4d18cbe34305d92003e47c875961560bbde36dd4"
}