Hackers' Pub

Quoting https://bsky.app/profile/baldurbjarnason.com/post/3mgcpckb5qk27 :

As @davidgerard has posted elsewhere, the maintainer of the library HarfBuzz has gone all-in on vibe-coding.

(see: https://typo.social/@behdad/116172838540880597 )

A note on why this is a worry in the thread ->
Fonts are a lucrative target. They require a complex parser, usually written in a language that isn't memory safe, and often directly exposed to outside data (websites, PDFs, etc. that contain fonts). This means a flaw could lead to an attack worst case scenario: arbitrary code execution
HarfBuzz is pretty much the only full-featured library for that takes font files, parses them, and returns glyphs ready to render. It is ubiquitous. A security flaw in HarfBuzz could make a good portion of the world's user-facing software (i.e. that renders text) unsafe.
Irrespective of the vibe-coding issue (code review is not an adequate defence against "agent" bugs) this is a piece of software that, due to its position in the industry, should be MORE conservative than the rest. Core infrastructure is not where you want experimentation

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`