SeCurItY IsSuE

qaz@lemmy.world · 2 days ago

SeCurItY IsSuE

Ephera@lemmy.ml · 1 day ago

until some random AI agent

Wait, do they now have spam bots going around on random PRs to post advertisements?

Arthur Besse@lemmy.ml · 1 day ago

also it’s from the spammer’s “staging” instance, so the payload is a URL with a staging hostname which doesn’t even resolve 🙄

Ephera@lemmy.ml · 1 day ago

Nice, that’s like the meme:

Look at how quickly AI put up a webpage for me: http://127.0.0.1/index.html

Tetsuo@jlai.lu · 2 days ago

But if the PR goes through that means it’s in active development !

I think he should do a PR to change back the readme

inari@piefed.zip · 2 days ago

What was the issue? Without looking at the PR it’s hard to judge

JaddedFauceet@lemmy.world · 3 hours ago

By removing the banner, it tells the LLM that it is no longer being maintained, thus “lead to security issue”.

In my company my management is using similar approach to review changes. soon more and more ppl will no longer read code and think about the code change logically, instead get scared and block changes due to these “scary AI comment”…

HeHoXa@lemmy.zip · 8 hours ago

Not being sure it applies to this scenario and too lazy to verify, sometimes the security scanners get updated and flag previously accepted code.

… tough to make sense of flagging a readme though, unless there’s sensitive info in it.

Eager Eagle@lemmy.world · 2 days ago

it’s a readme change

spizzat2@lemmy.zip · 1 day ago

It was a load-bearing readme file.

balsoft@lemmy.ml · 2 days ago

The link in the comment is borked, as expected. But the PR itself is definitely OK: https://github.com/unipop-graph/unipop/pull/138