Carrot disclosure: Forgejo

notwithstanding: > because it will always be bad That’s you being dishonest with what was being said. But yes, i remember talking to jvoisin about his time doing SBOM like stuff in Google, managing 3rd party OSS dependencies, and he can easily spot piles of shit. notwithstanding: > How fucking entitled Please don’t project your dreams into reality. You being a superfan doesn’t automatically make a codebase better. It’s just a fact, forgejo has atrocious security. Their security policy is a joke, their security team is nonexistent. Regarding the entitlement, it’s the other way around. Forgejo requires volunteers to give up their free time beyond the report. A shitty critical infrastructure project deserves to be called out no matter who makes it.