On 14/03/2020 18:53, Nick Lamb wrote:
> my assumption is that at
> best such a patch would be in the big pile of volunteer stuff maybe
> nobody has time to look at.

Tangential: perhaps there's an aspect of phrasing here that is confusing me, but this reads to me as suggesting we don't review/work with volunteer code contributions, and I'd like to be explicit and say that we do our best to do so and I am unaware of big piles of un-looked-at volunteer-contributed patches (having been such a volunteer myself in the past).

I can't speak for the crypto team (though it looks like Kathleen has relayed an answer for the concrete bug you asked about), but if you know of Firefox patches that are sitting without due attention, please feel free to nudge me. And no, that approach might in theory not scale, which is why other folks are building better tooling to ensure we don't end up with trees falling in forests unheard, as it were. But in the meantime, feel free to ping me (off-list).

~ Gijs
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
