This is the mail archive of the
mailing list for the glibc project.
Re: Community feedback on EU-FOSSA2 program.
- From: Florian Weimer <fweimer at redhat dot com>
- To: Carlos O'Donell <carlos at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 04 Feb 2019 17:12:33 +0100
- Subject: Re: Community feedback on EU-FOSSA2 program.
- References: <email@example.com>
* Carlos O'Donell:
> I'm looking to get community feedback regarding glibc's involvement with
> this program, and the extent to which we should be involved.
We already are. We do not have a say in this matter; the program has
already started. Since you (as stewards) sat on this for several weeks
after the initial contact from Intigriti last year, we will never know
if we had any chance in negotiating something else.
> The stewards are already discussing this with RMS as part of a GNU position
> on the matter, and we met privately with Intigriti last week to understand
> what role we have in this program. We had many suggestions to improve the
> text of the agreement for perspective bug hunters (like needing copyright
> assignment to contribute the fix that gives you a +20% bounty bonus), but
> we need community input to decide which steps to take next.
As an outcome of this meeting, I added post-exploitation countermeasures
I do *not* plan to participate on the Intigriti platform and review
issues before they are passed on to distribution security teams, under
our documented security process:
I will contact the distribution security teams later today and notify
that they might get reports via the Intigriti platform.