example

no, they're getting a lot of downvotes because it's spam.

they're not interested in legitimate discussion, they only need to promote the spam links at the end of the post.

The 90 days disclosure you're referencing, which I believe is primarily popularized by Google's Project Zero process, is the time from when someone discovers and reports a vulnerability to the time it will be published by the reporter if there is no disclosure by the vendor by then.

The disclosure by the vendor to their users (people running Lemmy instances in this case) is a completely separate topic, and, depending on the context, tends to happen quite differently from vendor to vendor.

As an example, GitLab publishes security advisories the day the fixed version is released, e.g. https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/.
Some vendors will choose to release a new version, wait a few weeks or so, then publish a security advisory about issues addressed in the previous release. One company I've frequently seen this with is Atlassian. This is also what happened with Lemmy in this case.

As Lemmy is an open source project, anyone could go and review all commits for potential security impact and to determine whether something may be exploitable. This would similarly apply to any other open source project, regardless of whether the commit is pushed some time between releases or just before a release. If someone is determined enough and spends time on this they'll be able to find vulnerabilities in various projects before an advisory is published.

The "responsible" alternative for this would have been to publish an advisory at the time it was previously privately disclosed to admins of larger instances, which was right around the christmas holidays, when many people would already be preoccupied with other things in their life.

it sure is possible, but not with the amount of work anyone would be willing to put into it.

you can just turn it off, see https://help.kagi.com/kagi/settings/general.html

for our admin team, we're using a bot to message a matrix room when content is reported and reacting to the message when it's been handled.

this could be done pretty much the same way on mod level, though this is certainly not easily accessible to everyone due to the hosting involved.

and all of this is only relevant if you even receive reports about content in the first place. if you moderate a community on another instance, tough luck unfortunately, as they currently do not federate.

edit: typos

it is generally possible to find the post on another instance through the search, at least through the default web interface. there is certainly a lot of room for improvement though.

indeed, original source is the wrong term, but at least it's an english derivation of it, which was only copied by the link in this post

it is indeed somewhat attributed, but it still very much looks like scraped content.

a very strong indicator is the inclusion of

Subscribe The most engaging reads in blockchain. Delivered once a week.

Email address

SUBSCRIBE

at the end, which on cointelegraph's page is separate from the content and provides a sign-up form.

why is this a blog spam article badly copied from the original source at https://cointelegraph.com/magazine/china-dev-fined-salary-vpn-10m-ecny-airdrop-asia-express/ ?

search for mautrix whatsapp (not a typo)

Jerboa is laggy on your Pixel 7? it's perfectly smooth for me on my Pixel 5.

unless they changed it, play dev is a one time purchase, only apple takes a yearly fee.