This is the sort of thing you do to big companies with no morals, doing it to a small open source project is just wrong, they don’t have the manpower or money to redo the investigation you already did.
Given that the dude works for an AI-based security company, and Forgejo and services like it (e.g., codeberg.org) are how you abandon the mess of vibe-coded trash that is GitHub, in my opinion, he has a motivation to pick apart this specific service.
Given that the dude works for an AI-based security company, and Forgejo and services like it (e.g., codeberg.org) are how you abandon the mess of vibe-coded trash that is GitHub, in my opinion, he has a motivation to pick apart this specific service.