Tanner Prynn

In the absence of a security contact for the project, I plan to disclose the issue (with a PR fix and in a blog post) on May 17 (two weeks...

I've delayed the disclosure for a short time to allow a project which depends on flower to make a new release.

@adampl I'm the person who gave that advice initially and I'll point out that I actually [submitted a PR](https://github.com/mher/flower/pull/1216) along with my original post which does exactly what you asked...

I disagree that this represents a real risk. Under a reasonable threat model of any system, there is always a line we can draw at which an attacker's capability so...