the idea that it exists at all is more or less a gentleman's agreement in the engineering world anyway
correctly using those tells me it was a stylistic choice not to use capital letters and omit the periods.
fwiw the HN guidelines say more about not posting "shallow dismissals", not complaining about "tangential annoyances" and being "kind, not snarky" than about grammar and punctuation: https://news.ycombinator.com/newsguidelines.html
Btw, s/onto/on to
Onto can be synonymously replaced with “on top of” which doesn’t work in that sentence.
It’s much more interesting to pay attention to the spirit of the comment than the structure, which I believe is also in the site guidelines. I’m also confident I have multiple grammatical errors in this comment.
> Because the responsible disclosure schedule and the embargo have been broken, no patch exists for any distribution.
I had to do a double take reading that. It’s written as if something happened and prevented them from following a schedule, but seemingly they chose to release the information. I hope I’m missing something where it was forcibly disclosed elsewhere.
Edit: Moments later I refreshed the homepage and saw the announcement. They do claim to have consulted with maintainers
Very odd wording. I assume there’s an interesting/upsetting story here that will come out soon.
I don't doubt that the patch reversal + exploit PoC made by a third party is the result of people figuring out how patches work in open source projects like these.
Anyone with access to a good enough LLM can scour through supposedly minor bug fixes that might hide a critical vulnerability rather than doing it all manually. The LLM will probably throw up tons of false positives and miss half the issues, but you only need one or two successes.