sure they do, you’re one of them
sure they do, you’re one of them
here’s also some more context and explanation about what’s going on:
https://fedi.fyralabs.com/notes/9psdqurvye
https://fedi.fyralabs.com/notes/9psnooe6p1
https://fedi.fyralabs.com/notes/9pth6oh3xr
based on the sticker logic, it’s clearly not
no, they’re getting a lot of downvotes because it’s spam.
they’re not interested in legitimate discussion, they only need to promote the spam links at the end of the post.
The 90 days disclosure you’re referencing, which I believe is primarily popularized by Google’s Project Zero process, is the time from when someone discovers and reports a vulnerability to the time it will be published by the reporter if there is no disclosure by the vendor by then.
The disclosure by the vendor to their users (people running Lemmy instances in this case) is a completely separate topic, and, depending on the context, tends to happen quite differently from vendor to vendor.
As an example, GitLab publishes security advisories the day the fixed version is released, e.g. https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/.
Some vendors will choose to release a new version, wait a few weeks or so, then publish a security advisory about issues addressed in the previous release. One company I’ve frequently seen this with is Atlassian. This is also what happened with Lemmy in this case.
As Lemmy is an open source project, anyone could go and review all commits for potential security impact and to determine whether something may be exploitable. This would similarly apply to any other open source project, regardless of whether the commit is pushed some time between releases or just before a release. If someone is determined enough and spends time on this they’ll be able to find vulnerabilities in various projects before an advisory is published.
The “responsible” alternative for this would have been to publish an advisory at the time it was previously privately disclosed to admins of larger instances, which was right around the christmas holidays, when many people would already be preoccupied with other things in their life.
requiring an app to open chests? what?
I’m glad I’ve been avoiding Ubisoft like the plague they are for all the other issues already.
i don’t want to go to all that effort
your app seems to be doing weird things then.
the original comment is by user @soundingcock@lemm.ee
, who spams links to gore in comments.
based on https://help.apple.com/xcode/mac/current/#/deve2819c518 it seems like users may need to explicitly enable sharing crash data with app developers.
I don’t know what the default for this is.
https://help.apple.com/xcode/mac/current/#/dev9a80ab71d seems to imply that you need to distribute your app via app store or testflight to be able to receive crash reports.
the majority of apps installed on my mac are not installed via app store, though many of them have app store variants.
i don’t know if the distribution channel matters or just having the app in app store is enough.
this article however also explicitly states this, so it appears that you do indeed by default not send this data to app developers:
users who download your app from the App Store will need to agree to share crash and usage data with developers.
I’m pretty sure this only goes to Apple, not to the actual developer.
I believe I’ve even seen devs specifically ask for copies of the reports from the crash reporter, as they wouldn’t receive them otherwise.
this doesn’t change the rest of your statement though, just afaik the recipient is different.
I’ve been using case insensitive fs on macOS for years and the only software having issues with this is onedrive.
can’t say i’m surprised.
if you’re not community banned you might still be instance banned on the community instance, which wouldn’t show up in your local instances modlog if the ban happened on a <0.19.4 instance. if the methods pointed out by other comments here fail I suggest you visit the instance of the community and check the site modlog there, searching for your user.
i suspect you’re referring to your post to a lemmy.ml community and you have indeed been instance banned there for a limited amount of time.