Comment by waihtis
4 years ago
Should've at least sought approval from the maintainer party, and perhaps tried to orchestrate it so that the patch approver didn't have information about it, but some part of the org did.
In a network security analogy, this is just unsolicited hacking VS being a penetration test which it claims more so to be.
This is no better. All it does is increase the size of the research team. You’re still doing research on non-consenting participants.