"Security" category
-
Just a thought as I work through some bugs reported to NodeBB... would there be interest in ActivityPub.space hosting a "security" category for discussion around vulnerabilities, CVEs, and such that are related to ActivityPub?
For example, if NodeBB were to receive a bug bounty report and responsibly disclose the details, it would be ideal to have it archived in a place where it won't just disappear off the feed in a matter of minutes.
-
@julian @smallcircles that'd probably be a bad idea, as you'd likely get irresponsible disclosure happening.
-
@julian It would be great to have a collection of these that I could look through, to make sure I'm not making easily preventable mistakes myself.
Of course, potential bad guys would be able to look through it too...
-
thisismissem@hachyderm.io how so? In the sense that discussed vulnerabilities might be exploitable cross-implementation?
-
@julian we've definitely seen that before, but also people might not realize that they're discussing a vulnerability
-
thisismissem@hachyderm.io hmm that's fair. I don't think it precludes interested parties from having these discussions though.
I'm not sure what the right solution is.