Wow. Having worked on BIND and ISC DHCP for many years, I am *cheering* this! Fantastic. Personally, while I can see the concern about contributor "theft", I think the way to go is to be aware, paying attention to what's going on with those contributors, and supporting their efforts on our… preferred projects seems like the way to go. And adding NSS, if they are willing, for sure!
Larissa

On Oct 10, 2013, at 3:01 AM, Gervase Markham <g...@mozilla.org> wrote:

> http://googleonlinesecurity.blogspot.co.uk/2013/10/going-beyond-vulnerability-rewards.html
>
> Google are now paying people, retrospectively, for any patch that
> improves the security of OpenSSH, BIND, ISC DHCP, libjpeg,
> libjpeg-turbo, libpng, giflib, Chromium, Blink, OpenSSL, zlib and
> commonly used components of the Linux kernel (including KVM).
>
> Soon, they will also cover Apache httpd, lighttpd, nginx, Sendmail,
> Postfix, Exim, GCC, binutils, llvm and OpenVPN.
>
> This includes the core developers of those projects!
>
> Some of this work (e.g. on libjpeg or zlib) will benefit us directly.
> Other work (e.g. on OpenSSH) will benefit us indirectly, as we use those
> tools and want them to be secure. However, the inclusion of
> Chromium/Blink means that this program may steal potential security
> contributors from Mozilla and attract them to those projects.
>
> Can we and should we attempt to do anything about that?
>
> Gerv
> _______________________________________________
> dev-security mailing list
> dev-security@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security