Process: security reporting

[faddat]

It is almost impossible for me to say how dismayed I am with the response from informal systems on the recently reported P2P storms issue.

I only wanted to get it fixed.

I have experienced retaliation from informal systems, from the CEO down.

I am not the only one who's experienced this, it's unfortunately easy to find people making reports being totally dismissed and their efforts abused.

@thanethomson has made the bold claim that my factual statements somehow constitute harassment.

I think that environments that are fact averse are incredibly bad.

Thane, can you please lmk what i have done that constitutes harassment?

Spending two and a half months of my life on this? Reproducing it? Trying to stop ICFormal from publishing it without a patch?

If it's something else, please let me know. But while you're at it can you please ask @ebuchman to provide proof of the so-called threatening language he claims my report was full of?

Here's how the CEO of informal systems speaks about security researchers (images pending)

Ok so bulleted list:

• why did informal and/or amulet publish against my wishes?

• why are we just now discussing removing the mempool? I was demonstrating this problem on testnets for months prior

• Why did informal and/or amulet put my name on something I'd not seen?

• Why did all informal team members simultaneously leave the p2p storms slack channel where numerous other teams were working to fix the problem?

• the report I made included code. Was it run?

[visualbasic6]

pad here x.com/123456 co-signing this alarmingly significant hyper-valid issue

[visualbasic6]

@jaekwon you started something that became super shady here chief

[adizere]

Thanks, your feedback is taken into account.

Let's focus on the needs of the CometBFT community pls. We won't engage here since anything we write you will turn it around to serve your narrative and continue the harassment.

[visualbasic6]

anything we write you will turn it around to serve your narrative and continue the harassment.

@adizere - you really can't play the victim in computer science

this is not closed - mote it be - i pull rank on you in a significant way my g

mutual respect for computer science. ones and zeros. that's what is needed here - not juvenile manipulation tactics

[faddat]

Hi, okay well see here's the thing I did exactly what Thane asked, and you have shut the conversation down again, as you have been doing the entire time when I've been trying to report this issue that can halt any production cosmos chain.

This is not harassment, this is a very legitimate investigation into why it is the informal systems team wishes to ignore this.

So what I'm going to do, which is probably going to come as no surprise to you, is I'm going to publicize this conversation because that's all I can do because when I tried to report the thing to you in private your whole team ghosted at the orders of ICF and amulet, remember?

Is not harassment. There are billions of dollars of value on chains in cosmos. The security matters. Good day sir.