[GNUnet-SVN] [gnurl] 08/153: docs/SECURITY-PROCESS: mention bounty, drop

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 08/153: docs/SECURITY-PROCESS: mention bounty, drop

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 08/153: docs/SECURITY-PROCESS: mention bounty, drop pre-notify
Date:	Tue, 11 Sep 2018 12:51:19 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 29b78a537fc9602f974f8f7dfc5ae57b9df8d75e
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu Jul 12 12:32:54 2018 +0200

    docs/SECURITY-PROCESS: mention bounty, drop pre-notify
    
    + The hackerone bounty and its process
    
    - We don't and can't handle pre-notification
---
 docs/SECURITY-PROCESS.md | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index 4991d5fb7..0db6403c6 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -90,18 +90,6 @@ announcement.
 - The security web page on the web site should get the new vulnerability
   mentioned.
 
-Pre-notification
-----------------
-
-If you think you are or should be eligible for a pre-notification about
-upcoming security announcements for curl, we urge OS distros and similar
-vendors to primarily join the address@hidden list as that is one of the
-purposes of that list - and not just for curl of course.
-
-If you are not a distro or otherwise not suitable for address@hidden and yet
-want pre-notifications from us, contact the curl security team with a detailed
-and clear explanation why this is the case.
-
 curl-security (at haxx dot se)
 ------------------------------
 
@@ -137,3 +125,16 @@ Publishing Security Advisories
 
 6. On security advisory release day, push the changes on the curl-www
    repository's remote master branch.
+
+Hackerone Internet Bug Bounty
+-----------------------------
+
+The curl project does not run any bounty program on its own, but there are
+outside organizations that do. First report your issue the normal way and
+proceed as described in this document.
+
+Then, if the issue is [critical](https://hackerone.com/ibb-data), you are
+eligible to apply for a bounty from Hackerone for your find.
+
+Once your reported vulnerability has been publicly disclosed by the curl
+project, you can submit a [report to them](https://hackerone.com/ibb-data).
\ No newline at end of file

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 35/153: test1157: test -H from empty file, (continued)
- [GNUnet-SVN] [gnurl] 35/153: test1157: test -H from empty file, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 39/153: test1157: follow-up to 35ecffb9, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 40/153: sws: handle EINTR when calling select(), gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 05/153: ares: check for NULL in completed-callback, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 28/153: wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 43/153: smb: fix memory leak on early failure, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 16/153: RELEASE-NOTES: sync, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 13/153: darwinssl: add support for ALPN negotiation, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 34/153: curl: Fix segfault when -H @headerfile is empty, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 27/153: reuse_conn(): free old_conn->options, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 08/153: docs/SECURITY-PROCESS: mention bounty, drop pre-notify, gnunet <=
- [GNUnet-SVN] [gnurl] 19/153: http2: several cleanups, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 02/153: schannel: fix MinGW compile break, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 04/153: conn: remove the boolean 'inuse' field, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 20/153: test214: disable MSYS2's POSIX path conversion for URL, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 12/153: test1422: add required file feature, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 10/153: smb: fix memory-leak in URL parse error path, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 32/153: docs/examples: add hiperfifo example using linux epoll/timerfd, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 30/153: docs/CURLOPT_URL: fix indentation, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 31/153: docs/INSTALL.md: minor formatting fixes, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 18/153: smb_getsock: always wait for write socket too, gnunet, 2018/09/11

Prev by Date: [GNUnet-SVN] [gnurl] 27/153: reuse_conn(): free old_conn->options
Next by Date: [GNUnet-SVN] [gnurl] 19/153: http2: several cleanups
Previous by thread: [GNUnet-SVN] [gnurl] 27/153: reuse_conn(): free old_conn->options
Next by thread: [GNUnet-SVN] [gnurl] 19/153: http2: several cleanups
Index(es):
- Date
- Thread