I like the spirit of this comment (pointing out that it's OSS). I don't even disagree with discouraging people from asking questions that have readily searchable answers they'd be well served to direct themselves to.
But I think it can be assumed that someone asking such a questions is highly unlikely to be a world-class security researcher equipped to answer it for themselves by auditing the source code, so your response comes across as snarky for the sake of snark.
But I think it can be assumed that someone asking such a questions is highly unlikely to be a world-class security researcher equipped to answer it for themselves by auditing the source code, so your response comes across as snarky for the sake of snark.