In general I agree, but we’re in a period right now where we have a new kind of tool that’s able to comb through large codebases and connect the dots that would be difficult for a human to do. My main point here is that open source maintainers need to be aware of this, and to use LLMs themselves to see if any issues can be surfaced.

The actual fact is that the case is ongoing. And so far, there has been a mountain of evidence presented, a lot of which I’ve linked in this very thread. That evidence includes HRW statements about Ukraine shelling civilians. I linked a whole documentary detailing the atrocities the regime has been conducting in Donbas. I’ve linked a clip from CNN interview. And no, підарас does not mean scumbag. You know what it means. Literally everything you’ve said in this thread so far is demonstrably a lie.

And here’s a firefox translating the notebook story for you:

If by disproved you mean spewed nonsense confidently then sure. For example, the UN case won’t be resolved till 2028. And that’s just one piece of misinformation that you could’ve easily checked before regurgitating it.

The speech contained precisely what I said. Poroshenko was very explicit with what he was saying.

We both know what the notebook says too.

Just stop lying.

I guess we disagree on whether this information had much value to begin with. It did however result in a fix, and people are now aware of just how easily attackers can find vulnerabilities now. I will refrain publishing the details in the future though.

I did, but you just ignore or hand wave them away. And then you just keep repeating your talking points. It’s so ham fisted.

I love how you just keep repeating this in face of all evidence provided. You’re like baby Goebbels.

That’s fair, I’ll refrain form this sort of up front disclosure in the future.

I already did, you’re not fooling anybody here.

Since it affects people running the software and very likely to be known to any malicious actor I would argue so. I’ll stress again that this was not information that took any effort to find. Literally a few minutes of effort.

Try google translate, but even with this translation it’s very obviously not bastard.

Wait till you find out that the human brain is also a non-deterministic system.

I don’t know where are we on ethnic cleansing when the current Head of the Office of the President of Ukraine keeps a notebook of subraces. I guess we’ll never know what this could possibly mean.

It would all depend on the rate of false positives, and as you say, we’d have to wait and see how this plays out. At the very least, what I’d want people to take away from this is that project maintainers absolutely should be using these tools themselves. They’re the people who are in the best position to decide whether something is a real issue, and it’s better to be safe than sorry here.

Sure buddy, the president saying the regime aims to commit ethnic cleansing while they openly attack civilians doesn’t prove shit. You keep on telling yourself that. I love also immediately rush to how you dehumanize the victims as ‘pro-Russian’ militants. Oh and of course, we can just look at what’s happening in Ukraine today, I can only assume your firm support must be over shared values https://nv.ua/ukr/lifestyle/spisok-pidarasiv-u-budanova-pomitili-nezvichniy-bloknot-50603357.html

You’re right Poroshenko saying they will live in cellars and Ukraine bombing civilian population since 2014 absolutely does not say ethnic cleansing. There’s a literal statement of intent there to remove Russian speaking population. And then there’s a genocide case at the UN. I bet you haven’t even opened a single link before writing your vapid comment.

truly

I’m not talking about a scenario of a hypothetical exploit here. I’m talking about a concrete scenario where somebody finds an exploit and verifies it. In that case, people operating the software need to be aware of the vulnerability in the application they are running. Since the exploit is very easy to find, it should be assumed that malicious people would have found it as well.

You’re arguing against a case where you have an unverified exploit that LLM might’ve hallucinated. This is not the case I’m describing. And this provably did not happen in my case as is clearly evidenced by the fix the dev had to make in their server.

allegations is doing a lot of heavy lifting there, meanwhile what Ukrainian regime has been up to is very well documented:

• Human Rights Watch, 2014: Ukraine: Unguided Rockets Killing Civilians
• WaPo, 2018: The war in Ukraine is more devastating than you know
• openDemocracy, 2019: Why Ukraine’s new language law will have long-term consequences
• NYT, 2024: U.N. Court to Rule on Whether Ukraine Committed Genocide
• https://www.ohchr.org/en/documents/country-reports/40th-periodic-report-human-rights-situation-ukraine-treatment-prisoners
• https://www.npr.org/2023/01/31/1152743054/human-rights-watch-ukraine-landmines
• CNN coverage of Donbas in 2014 https://xcancel.com/paulius60/status/1611148483859255296
• https://mronline.org/2023/07/30/russia-donbass-and-the-reality-of-the-conflict-in-ukraine/
• https://www.kanekoa.news/p/osce-reports-reveal-ukraine-started
• HRW https://www.hrw.org/news/2014/10/20/ukraine-widespread-use-cluster-munitions
• Donbas documentary 2016 https://youtube.com/watch?v=bN68OfFKaWs
• Ukraine in Donbas https://ingaza.wordpress.com/2022/08/10/what-ive-seen-of-ukraines-war-crimes-against-civilians-in-the-donbass-over-the-years/
• Poroshenko saying the quiet part out loud https://www.youtube.com/watch?v=aHWHqj8g7Bk

:)

My advice would be to just go for it. If you find a bug and fix it or add a useful feature, it’s absolutely worth submitting. And collaborating with other devs will help you grow your skills a lot faster.