Make our process obvious to maintainers
Artefacts
- [ ] Create a step by step guide
- [ ] Place it along their path (somewhere relevant and timely)
Core Success Measures
- [ ] Maintainers who come and don't review: -50%
- [ ] Maintainers who come and don't confirm the fix: -50%
Additional Success Measures
- [ ] Maintainers notice that there is a step by step guide (15% of new maintainers click this wiki)
- [ ] The wiki is easy to understand (6/10 find it helpful)
Hi @JamieSlome, can you please groom this ticket. If we don't have a definition yet, feel free to leave it as a note until grooming.
@ehuelsmann @JamieSlome do you guys still think this is necessary?
I just checked the site (but not any security reports); the information that I need as a maintainer isn't there in a way that allows me to find it quickly and provides me with a consistent understanding of my role in the disclosure process. I.e. there's no indication that rejected vulnerability reports will be immediately disclosed (and not stay private or archived); similarly, there's no indication that the effect of selecting a commit SHA (as a maintainer) will directly and immediately publish the vulnerability report. There's more, but maybe it's more practical to have an initial process outline published on the site after which I can comment more?
Makes perfect sense! Thanks for helping us see this @ehuelsmann :))
I've been a bit confused because I didn't know the right process to follow, so I think a guide to disclosing vulnerabilities would have been helpful
from @mcornella


Also
https://discord.com/channels/672495759706554369/900002814158311434/920430123742797854

Sorry to anyone following this ticket, it has been mishandled. A deadline will be re-assigned at a later date.

It's everywhere...
https://huntr.dev/bounties/e67603e6-8497-4ab6-b93a-02c26407d443/