Highlight from Vulnerability Reports Are Not Special Anymore
Juho Forsén, one of the most prolific reporters of Go security issues, wrote a long interesting comment that makes the argument that instead we should lean harder into trust relationships with individual researchers. It’d certainly be worth it with Juho, in retrospect, but it’s unclear if it would pay off often enough, in the same way that training new contributors who might leave the project in a month or two is not always worth it.