Hacker News new | past | comments | ask | show | jobs | submit login

I think it's perfectly fine to not "give him a break." How else is he going to learn manners?



How else? By showing him how to securely disclose similar issues, for example.

Having the whole internet bashing him isn't good for anyone.

I'm for one very glad he kept pushing it out (but didn't do any real harm). This kind of vulnerability is just so common in Rails apps: I'd like to see safer defaults.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: