@ek
0 sats \ 0 replies \ @ek OP 8h \ parent \ on: Reverse Engineer OPA? security
mhh, interesting opinion
how can one even tell how many lightning transactions there are globally?
/cc @orangepillapp
Yes, sorry and thank you for your understanding, it was an honest mistake.
As a suggestion, if you ever run the same again, don't just include the comments on one post. Please count the total comments so that participants get more room to place some meaningful words.
I don't want to encourage spam all over SN
Here's the invoice..
paid!
How should I contact you in private if I find something?
You don't have a GitHub repository where I can create a security advisory and I don't see something here like we have here (see https://securitytxt.org/).
Is a mail to hello@orangepillapp.com good enough? I don't know if that mail might be read by the wrong employees.
I also think this is wrong:
you cannot verify the code of an app even if you had access to the repo
— #897466
Reproducible builds fix this. You can't verify the code that runs on a server but afaik, you can verify if the app you downloaded is what you would get if you build it yourself from the source code.