Another dust-up with Dansup lol…
cross-posted from: https://lemmy.crimedad.work/post/903768
The author of the article characterizes their findings as a vulnerability in Pixelfed, that it was treating all follow requests as approved. An update has already been released to make Pixelfed honor that setting, but the vulnerability still exists with ActivityPub in the feature itself. It gives users a false expectation of privacy, which is not safe.
The Mastodon folk that have an expectation that publishing stuff on the Fediverse could be private, makes no sense to my silly little Lemmibrain.
That said it is a bug, it is worth being disclosed, it has been fixed, it wasn’t a malicious omission as far as I can tell. So chill. Dan is doing his best. Awareness is fine but constantly needing to make everything about him drama is unnecessary imo.