请问HN:其他操作系统的维护者是否也在收到安全漏洞的垃圾邮件?
我遇到了一些小的、挑剔的安全漏洞,比如在自托管软件中能够识别其他用户的个人资料图片。<p>然后,提交者不断催促我发布一个漏洞,尽管我已经发消息说明下一个版本会触发漏洞的发布(我的产品没有固定的发布日期,但通常每三个月发布一次)。<p>这让我感到压力很大。其他维护者都采取了哪些措施呢?
查看原文
I'm being hit with small, nitpick security vulnerabilities, like being able to IDOR profile images for other users on a self-hosted software.<p>Then the submitters are spamming me to release a vulnerability, despite me messaging stating the next release will trigger the release (there are no release dates for my product, but usually every 3 months).<p>It's becoming overwhelming. What practices are other maintainers putting in place?