Relaunch and redo the web bug bounty program #4744
r+
<p>Repeat the attack using only your own description in order to prevent errors and omissions, update documentation.</p> | ||
|
||
<h3>XSS reporting tips</h3> | ||
<h2>Exclusions</h2> |
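Review bot: In the `<p>` at the top of this hunk, the trailing ", update documentation." is a comma splice, so it is unclear whether updating documentation is a separate step or part of repeating the attack. Suggest splitting it into its own sentence or list item and saying which documentation is meant.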
It'd be nice to have an anchor here to email as reference for errant bounty reports (future..)
Work in progress can be seen at https://www-demo1.allizom.org/security/
@@ -12,10 +12,10 @@ <h1 class="title-banner">{{ _('Handling Mozilla Security Bugs') }}</h1> | |||
|
I think the h1 on this page should get class="title-shadow-box"
for the fancy red box treatment (until we rebrand all these pages, anyway).
I believe @dveditz will be redoing that entire page soon; I just wanted to make a small update to it so that it no longer had incorrect information in bold right on the top. :)
A running todo list for myself:
looks good to me.
Anything left before merge @craigcook?
We just landed a new global navigation for the site in master. Can I suggest you rebase this branch just to make sure there are no surprises?
@april r+
@alexgibson @april is on leave for the next couple weeks, any way to do this without the rebase?
@jeffbryner this PR still needs to be reviewed by a bedrock committer before it can be merged. If @april is out on PTO then perhaps we can try to pick this up and finish it off for you, but I'm afraid we're all pretty busy with Q2 priorities this week.
I can take it over but may not be able to get to it for a few days. Everything looks good for the most part, could just use a little tidying and the commits need to be squashed.
thanks @craigcook, let me know if there is anything I can do. If you have an ETA it will help me with comms timing.
Closing this PR in favor of #4777
Description
This completely relaunches the Mozilla web bug bounty program.
It includes:
And a lot more.
Could the following users please r+?
@dveditz, @jeffbryner, @jvehent, @claudijd, @rforbes, @albill
Thanks!
Bugzilla link
Testing
I am having trouble running the tests locally, but I have been running it off a local bedrock instance for days without issue.
Checklist