Yes, I do feel strongly about attributing malice to someone who I think didn't warrant it. Especially do I think that they are not malicious, because of the fact that they don't admit to their doing as a security hole, but as functionality. And I do care about security a lot - if this was on my software repository, I'd frankly pull the package until it's fixed.
>why it's not malicious to write and distribute a program that sends passwords and other sensitive information over unencrypted http in 2025
One of the reasons is that it has been like that since at least 2009, so for 16 years.
I'm not defending the bug. It's a glaringly stupid thing to do, and distribute, and it questions the competency of everyone involved. I do maintain that it's not malicious intent.