We have received more security reports against #curl in 2026 so far than we did during the entire year back in 2024.

During the first three months we have received twice the amount of reports/week as we did last year.

Someone in another open source project (to remain anonymous here) replied to my weekly email and said "as a comparison, we received 70 reports last week".

The ongoing "security report overload" is systematic and everywhere now.

Endure fellow maintainers!

@bagder I'm giving a talk at @djangoconeurope in about 2 weeks about #Django. The numbers I'm looking at right now are already terrifying. And they're roughly 3 weeks old.
I'm glad @nessita submitted https://github.com/django/django/pull/21033. This gives us some way to deal with overload by the same submitter.
Added section for respecting maintainer time to the security policy. by nessita · Pull Request #21033 · django/django

@bagder I would love to see a graph of security reports per week. There are those who predict the end of vulnerabilities (as these are caught in CI/CD), then there are those who are predicting never-ending vulnerabilities. I am guessing reality will be a little more nuanced.