Ariadne Conill

Results 270 comments of Ariadne Conill

@koush File integrity is a component of ensuring the entire system is secure. While I agree that su shouldn't be upgradable by the app (and it certainly was not in...

This has been implemented since late 2018, in leading implementations. Unfortunately implementations which have not followed attempts to harden the security model of the fediverse might be inconvenienced but they...

I also have to say it’s pretty funny to see somebody so proud of their CVE count to be advocating less security, especially in a context where the legacy AP...

> I feel like this setting should be called REQUIRE_SIGNED_API_READS or something. "secure mode" is a misnomer and doesn't accurately represent the consequence of enabling it, at least for Mastodon....

Indeed, it would be nice to see Mastodon 4.0 finally switch the default. With the large number of new users, many of whom are at risk for targeted harassment, having...

Thanks! There is also `/etc/secfixes.d` which is an `/etc/apk/repositories.d` type directory which contains files listing what security feeds are relevant to which pinned repositories. I'm still working on a spec...

Syft is also affected for the same reason.

```
pestilence:~$ syft packages docker:distroless.dev/nginx:latest -o cyclonedx-json 2>/dev/null | jq .components[35].purl
"pkg:alpine/[email protected]?arch=x86_64&distro=alpine-3.16"
```

as a note, if you have questions about activitypub feel free to ping me in fediverse :) I can't break it down into rust but I can probably explain it...

Can somebody summarize the problem? I can try to create a testcase and check it in apk-tools.

hi, blindly calling `getaddrinfo(3)` is a really bad design choice, and is considered a bad pattern in C where it originates from. at the very least, a better approach would...