This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Community feedback on EU-FOSSA2 program.
- From: Carlos O'Donell <carlos at redhat dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 4 Feb 2019 11:00:10 -0500
- Subject: Community feedback on EU-FOSSA2 program.
Community,
The European Union has announced a FOSSA2[1] program which has dedicated
EUR 45 000,00 for bug bounties against the GNU C Library[2]. To be clear
this money does not belong to us, and is not being given to us, the money
is for Intigriti[3] to run the program on behalf of the EU.
I'm looking to get community feedback regarding glibc's involvement with
this program, and the extent to which we should be involved.
I consider the community here to be the most important thing we have built,
even more important than the sources themselves, and ensuring that you are
involved and that your feedback is heard and acted upon, are all an
important part of being a community.
The stewards are already discussing this with RMS as part of a GNU position
on the matter, and we met privately with Intigriti last week to understand
what role we have in this program. We had many suggestions to improve the
text of the agreement for perspective bug hunters (like needing copyright
assignment to contribute the fix that gives you a +20% bounty bonus), but
we need community input to decide which steps to take next.
Community feedback is important in deciding how the stewards handle
and respond to programs like this where money is being disbursed in ways
which may influence, interrupt, or change the behaviour of the community.
Please feel free to reach out privately to libc-maintainers@sourceware.org
if you don't want to talk publicly about your thoughts or opinions.
Thank you for your time, and I look forward to your comments.
--
Cheers,
Carlos.
[1] https://joinup.ec.europa.eu/collection/eu-fossa-2
[2] https://juliareda.eu/2018/12/eu-fossa-bug-bounties/
[3] https://www.intigriti.com/