We will ban you and ridicule you in public if you waste our time on crap reports

> We will ban you and ridicule you in public if you waste our time on crap

If shame worked, then slop reports would've stopped being made already. Public ridicule only creates a toxic environment where good faith actors are caught up in unnecessary drama because a maintainer felt their time was being wasted. Ban them, close your bug bounty program, whatever, but don't start attacking people when you feel slighted because that never ends well for anyone (including curl maintainers)

It is a bit naive to expect Indian students to even know about /security.txt existence, let alone reading it.

Let's not beat around the bush. The problem is Indians

Nice. But it deters people like me who aren't totally confident in sending reports, trading false positives for false negatives

From https://curl.se/docs/code-of-conduct.html:

"As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities"

Why have a code of conduct while being hostile to contributors?

I think they should handle this differently.