{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigmsgwjwlrgvenvlql52q3hh5o2hqqcaha6awfk5nofoosvgwxfmq",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mkqazru4lbu2"
  },
  "path": "/t/carrot-disclosure-forgejo/37484#post_4",
  "publishedAt": "2026-04-30T17:21:19.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "requires"
  ],
  "textContent": "notwithstanding:\n\n> because it will always be bad\n\nThat’s you being dishonest with what was being said. But yes, i remember talking to jvoisin about his time doing SBOM like stuff in Google, managing 3rd party OSS dependencies, and he can easily spot piles of shit.\n\nnotwithstanding:\n\n> How fucking entitled\n\nPlease don’t project your dreams into reality. You being a superfan doesn’t automatically make a codebase better. It’s just a fact, forgejo has atrocious security. Their security policy is a joke, their security team is nonexistent.\n\nRegarding the entitlement, it’s the other way around. Forgejo requires volunteers to give up their free time beyond the report.\n\nA shitty critical infrastructure project deserves to be called out no matter who makes it.",
  "title": "Carrot disclosure: Forgejo"
}