This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: FOSSA bug bounty program

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Jérôme Benoit <jbenoit100 at gmail dot com>
Cc: libc-alpha at sourceware dot org
Date: Wed, 02 Jan 2019 20:34:34 +0100
Subject: Re: FOSSA bug bounty program
References: <87imzaeyti.fsf@mid.deneb.enyo.de> <eeea76d3-131e-c8e6-c900-ae587e195f17@gmail.com>

* Jérôme Benoit:

> Le 31/12/2018 à 12:10, Florian Weimer a écrit :
>> glibc is listed as a participating project here:
>
> I will not say participating but targeted project.

I prefer not to be targeted by bounty hunters, thank you very much.

>>   <https://juliareda.eu/2018/12/eu-fossa-bug-bounties/>
>>
>> Has anyone been in contact with them?  How do they propose to deal
>> with their findings?
>
> I think the people in charge are going to contact each FOSS projects
> listed, even if I think they should have done it beforehand. 

Why do you think that?  In general, that doesn't seem to happen, and
the platform operator assumes that the code owner and the
bounty-issuing organization are the same.

Follow-Ups:
- Re: FOSSA bug bounty program
  - From: Paul Eggert

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]