This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: FOSSA bug bounty program
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: Jérôme Benoit <jbenoit100 at gmail dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 02 Jan 2019 20:34:34 +0100
- Subject: Re: FOSSA bug bounty program
- References: <87imzaeyti.fsf@mid.deneb.enyo.de> <eeea76d3-131e-c8e6-c900-ae587e195f17@gmail.com>
* Jérôme Benoit:
> On 31/12/2018 at 12:10, Florian Weimer wrote:
>> glibc is listed as a participating project here:
>
> I will not say participating but targeted project.

I prefer not to be targeted by bounty hunters, thank you very much.

>> <https://juliareda.eu/2018/12/eu-fossa-bug-bounties/>
>>
>> Has anyone been in contact with them? How do they propose to deal
>> with their findings?
>
> I think the people in charge are going to contact each FOSS project
> listed, even if I think they should have done it beforehand.

Why do you think that? In general, that doesn't seem to happen, and
the platform operator assumes that the code owner and the
bounty-issuing organization are the same.