If you find a security flaw, please follow the following steps in order: 1) Give details to upstream developers to develop or merge a fix 2) Notify downstream developers/distributors of the risk and how to patch it (not the details) so they can ship it ASAP 3) Give people at least a week to upgrade on their own 4) Notify the public that a vulnerability in the old version exists (no details) 5) After you can reasonably hope everyone has updated (months or years later), publish details and/or proof-of-concept There may be circumstances (eg, active exploitation in the wild) that justify deviation from this, but generally, this is a good approach. However, starting with #5 is black-hat behaviour.

More useless AI slop code that makes misleading claims about security: - Not all dependencies are SHA256-pinned - Dockerfile "removes network-capable Python code" for no reason This just hurts actual security projects. If you don't understand security, stop making slop.

The Apple App Store rules are borderline illegal. This isn’t about security. It's not about malware. It's not about user experience. It’s about control. - Use Google login? You must add Apple login - Sell digital products? You must use Apple payments - Apple takes 30% of your revenue (this is frankly insane) - You can’t tell users about cheaper prices outside the app - You can’t use a different payment system like Bitcoin - Apple can reject your app with vague reasons (or bend over due to political pressure) - You can’t install apps outside their store (most regions) They own the platform. They compete with you on it. And you still have to pay them. Is this a monopoly or a mafia gang?

Take 1 minute to sign this fam

Ok they are going that way, trying to save the appearance. This do not change the behavior of Core V30, it still have the outrageously high default on OP_RETURN and -datacarriersize is still in a broken state.