[$] Forgejo "carrot disclosure" raises security questions
An unusual, some might say hostile, approach to disclosing an alleged remote-code-execution (RCE) flaw in the Forgejo software-collaboration platform has sparked a multifaceted conversation. A so-called "carrot disclosure" in April has raised questions about the researcher's methods of unveiling a security problem, Forgejo's security policies, and the project's overall security posture.