These posts are motivating

I will start to call chrome/iums limited web browser from now on

There isn’t a legal precedent. Unless I misunderstood, this is a settlement and settlements aren’t! Legal precedent. Which is why big e.g. pharma likes them, because then they don’t have the legal precedent for the next case.

Fair perspective. It is a scam happing in the crypto sphere but that doesn’t necessarily make her a cryptosis. I mean, it comes down to what makes a cryptosis a cryptosis, acting in the crypto sphere or believing in crypto or holding crypto?

Technically not a cryptosis as onecoin wasn’t a cryptocurrency, that was part of the scam.

Dude, can you be less rude? Calling me a liar, without point out a lie. At best, you found a misunderstanding of cve on my end which wouldn’t be a lie and isn’t in the part that you called a lie. Also I don’t think that there was a misunderstanding on my end of what cve means. Then you call me basically a clueless idiot for not having a clue about web servers. While I actually currently am working for a multi billion dollars companies as a backend dev and never worked anything but web dev. Then you complain about a straw man when you don’t bother to express what your actual argument was and I had to guess.

You might realize that I am not bothering to argue your points, there is a simple reason why, you are being a dick. Make your points clearly like you did just a moment ago and don’t be rude while doing it and you get an interesting conversation.

In case, you are curious, I am actually rather neutral on whether or not, it should be cves. I see the devs reasons and think they are reasonable and I understand why f5 would report it. A new fork seems to be an overreaction though. I bet you didn’t expect me to hold this position because you were busy being a dick instead of having a conversation

There is an astounding number of lies/misrepresentations in your post, good lord.

1. I never said it isn’t an issue. Dos is the issue. It is a vulnerability.
2. No. CVE are not required. Like never. There is no legal requirements. The c in CVE stands for common btw… You know what is not common, Experimental features on non stable releases.
3. The stables are not affected. To quote from https://www.nginx.com/blog/updating-nginx-for-the-vulnerabilities-in-the-http-3-module/ about cve-2024-24989, “NGINX Open source mainline version 1.25.4. (The latest NGINX Open source stable version 1.24.0 is not affected.)” And about CVE-2024-24990, “NGINX Open source mainline version 1.25.4. (The latest NGINX Open source stable version 1.24.0 is not affected.)”
4. Yes and no. Remember the c in cve?
5. How is it a lie to say that they informed people through a mail list, when they did that? Remember you said I was lying? Also didn’t you say they wanted to keep it quiet to fix in secret, while they inform the public? Isn’t that a lie? (Also, you call it a cve in this point, well the dev didn’t think of it as one and he alerted the users. So they satisfied your “least” requirement for a cve while not thinking of it as a cve.)
6. My statement is once again not a lie. But let’s talk about your stuck transaction. Your transaction isn’t “stuck” if you use transactions in your database, but besides that you used an experimental feature on a non stable release on a publicly facing service and the “stuck” transaction is your issue? You are fucking without a condom, my friend. And That experimental feature might just crash randomly, due to memory leaks or what not, and your transaction is stuck too.

Where were my lies? I mean I showed you yours.

Have you looked into the CVE? Apparently it is a non issue. You could use it to dos a service that have an experimental feature enabled, which is disabled by default, on a non stable Version. I understand the dev. CVE should be for serious issues. And they alerted their users over an email list

It can be used for dos, as it is crashing workers, but they will be restarted anyway.