On 8/12/25 11:44 PM, Daniel Stenberg wrote:
On Tue, 12 Aug 2025, Patrick Monnerat via curl-library wrote:
However if we drop HackerOne, we lose this indicator: why don't we
turn it to our advantage by just requiring a strictly positive
reputation that cannot be reached by non-serious people before
considering reports ?
Because HackerOne doesn't allow us to set that threshold. Because they
don't seem too willing to work with us on this problem.
It's a pity! I would expect some partnership from such a third part :-/
Yeah but accepting the report only to immediately close it if the
reporter has a too low reputation feels like an icky solution.
Disrespectful even.
This xould be a polite closing with a redirecttion to some alterrrnative
painful reporting procedure.
I wouldn't mind requiring a certain reputation level and I think that
would even be a good thing to try, but then we would need to reject it
earlier; before the user gets to submit it.
But HackerOne has no such setting.
Any ateernative third part to HO that can feature such a threshold ?
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
