I’ll be frank. I care a lot more about the security of MediaWiki as a software
product, as well as the security of its customers (both WMF and third-party)
than I do about some made-up notion of “open access” to security bugs.

I think it makes complete sense to have people with access to security bugs
sign an agreement saying they will not release said bugs to the public until
they have been fixed, released, and announced properly.
-- 
Tyler Romeo
0xC86B42DF

From: MZMcBride <[email protected]>
Reply: Wikimedia developers <[email protected]>
Date: June 26, 2014 at 9:44:25
To: Wikimedia developers <[email protected]>
Subject: Re: [Wikitech-l] MediaWiki Bug Bounty Program

Any process that involves volunteers signing non-public, indefinite vows
of secrecy and silence is antithetical to Wikimedia's values and mission.
This isn't a cult. Our bedrock principles are open access and transparency.


_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
