Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: A future off HackerOne?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Patrick Monnerat via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 13 Aug 2025 00:35:51 +0200
On 8/12/25 11:44 PM, Daniel Stenberg wrote:
> On Tue, 12 Aug 2025, Patrick Monnerat via curl-library wrote:
>
>> However if we drop HackerOne, we lose this indicator: why don't we
>> turn it to our advantage by just requiring a strictly positive
>> reputation that cannot be reached by non-serious people before
>> considering reports ?
>
> Because HackerOne doesn't allow us to set that threshold. Because they
> don't seem too willing to work with us on this problem.
It's a pity! I would expect some partnership from such a third part :-/
>
> Yeah but accepting the report only to immediately close it if the
> reporter has a too low reputation feels like an icky solution.
> Disrespectful even.
This xould be a polite closing with a redirecttion to some alterrrnative
painful reporting procedure.
> I wouldn't mind requiring a certain reputation level and I think that
> would even be a good thing to try, but then we would need to reject it
> earlier; before the user gets to submit it.
>
> But HackerOne has no such setting.
Any ateernative third part to HO that can feature such a threshold ?
Date: Wed, 13 Aug 2025 00:35:51 +0200
On 8/12/25 11:44 PM, Daniel Stenberg wrote:
> On Tue, 12 Aug 2025, Patrick Monnerat via curl-library wrote:
>
>> However if we drop HackerOne, we lose this indicator: why don't we
>> turn it to our advantage by just requiring a strictly positive
>> reputation that cannot be reached by non-serious people before
>> considering reports ?
>
> Because HackerOne doesn't allow us to set that threshold. Because they
> don't seem too willing to work with us on this problem.
It's a pity! I would expect some partnership from such a third part :-/
>
> Yeah but accepting the report only to immediately close it if the
> reporter has a too low reputation feels like an icky solution.
> Disrespectful even.
This xould be a polite closing with a redirecttion to some alterrrnative
painful reporting procedure.
> I wouldn't mind requiring a certain reputation level and I think that
> would even be a good thing to try, but then we would need to reject it
> earlier; before the user gets to submit it.
>
> But HackerOne has no such setting.
Any ateernative third part to HO that can feature such a threshold ?
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-08-13