huntr
Teams
It would make sense to have the ability to create teams in order to become more productive members of the OSS community, not to mention it would help build trust and foster collaboration across the community, plus it might even ease the burden we create on maintainers by disclosing bugs with a patch already included. Obviously the maintainers can reject our patch and grab the fix bounty themselves.
@geeknik - thanks for the idea! 👏
We are likely to implement a feature like this in the future, once we can better support full disclosure opt-in by maintainers. We want to respect maintainers that request responsible disclosure, but also would be happy to open vulnerability reports to the public, if the maintainer has signaled they are happy for reports to be public by default.
Thoughts?
Well, the reports don't necessarily need to be public, because if I'm already sharing bug report information internally amongst my team, I should be able to invite any of those people into the report in order to provide a patch. They wouldn't necessarily need access to anything in the report beyond being able to attach a patch. I think being able to provide a patch with a bug report adds incredible value over just dropping a bug report and hoping the maintainer feels like taking on the extra work. Again, if the maintainer wants to drop our patch and claim the fix bounty, that's cool too. I'd even encourage that, to be honest; most OSS projects receive $0 in funding.
@geeknik - thanks for the clarification here! Will discuss further with the team!
Hi team, my friend and I have reported a bug on pandorafms. Just wanted to know if collaboration is supported on huntr.dev?