[no bug] Relaunch and redo the web bug bounty program #4777
Thanks @craigcook!
Thanks so much, @craigcook! I have a couple other tweaks I might make, but they can wait until after this is pushed so as to make things cleaner. :)
drive-by f+ with some notes for @april
<p>Yes, as long as the bug otherwise meets the published bug bounty | ||
program guidelines. Bugs found in Aurora and Beta releases of Firefox and | ||
program guidelines. Bugs found in Developer Edition and Beta releases of Firefox and | ||
Firefox for Android, EarlyBird and Beta releases of Thunderbird are eligible as | ||
long the bug is reproducible in the latest nightly mozilla-central build and has |
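Review bot: The sentence on the last two lines of this hunk is missing a word: it reads "eligible as long the bug is reproducible" and should read "eligible as long as the bug is reproducible". Since the sentence is already being edited to replace "Aurora" with "Developer Edition", fix it in the same change. The following line still names "EarlyBird"; worth confirming whether that channel name needs the same update.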
"in the nightly mozilla-central build at the time that the bug is reported", theoretically.
I'm fine with changing this, but I'd rather it was done in a different bug since it's unrelated to the web bug bounty stuff.
<h4>Bedrock (www)</h4> | ||
<ul> | ||
<li>www.firefox.com</li> | ||
<li>www.getfirefox.com</li> |
Tiny whitespace nitpick: the two lines above are indented differently than the two below.
I'm not sure what you mean? <li> is supposed to be indented differently, since it's under <ul>.
These are indented two spaces, the two items below are indented one space. It is indeed a tiny nitpick but I'll fix it.
</ul> | ||
<p> | ||
<strong>Please do not use automated scanners, create, or modify bugs when testing Bugzilla.</strong> | ||
<br><br>Instead, install your own local copy for testing from <a href="https://github.com/mozilla/webtools-bmo-bugzilla">webtools-bmo-bugzilla</a> or use our <a href="https://bugzilla-dev.allizom.org/">development instance</a>. |
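Review bot: The bolded rule "Please do not use automated scanners, create, or modify bugs when testing Bugzilla." parses ambiguously, because "create" has no object until the end of the list and can be read as part of "do not use". Something like "Please do not run automated scanners against Bugzilla, and do not create or modify bugs while testing." makes the scope restriction unmistakable to researchers. The `<br><br>` before "Instead" would also be cleaner as its own `<p>`.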
@dylanwh Would you like to add a bit about the vagrantfile here, for "no seriously it's that easy" opportunity?
|
||
<h4>Source Control</h4> | ||
<ul> | ||
<li>hg.mozilla.org (excludes website)</li> |
Can this say '(except website, see below)'? I initially interpreted it as a flat denial for https://hg and didn't think "oh, they re-include that later on" at first read.
Works for me
|
||
<h4>Source Control</h4> | ||
<ul> | ||
<li>hg.mozilla.org (website)</li> |
"(website only)", paired with the prior note.
@@ -28,7 +29,7 @@ <h1 itemprop="name" class="title-shadow-box">Web And Services Bug Bounty Hall of | |||
|
|||
<p>On behalf of the Mozilla and the millions of people who visit our sites, use Firefox and our other products we would like to thank them for their hard work in helping to make us more secure.</p> | |||
|
|||
<p>As of this date, we have paid out almost <b>$1,000,000</b> across all of our bounties. Congratulations to everybody who has participated!</p> | |||
<p>As of this date, we have paid out over <b>$1,600,000</b> across all of our bounties. Congratulations to everybody who has participated!</p> |
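Review bot: "As of this date" in the new `$1,600,000` line points at a date the page never states, so a reader cannot tell how current the figure is. "To date, we have paid out over ..." keeps the sentence undated without referring to a missing date. The context line above also reads "On behalf of the Mozilla"; drop "the" while this paragraph is being touched.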
As of what date?
It will always be true as of the present.
Not including a date allows it to always be accurate and also reduces the number of updates we need to do.
@@ -37,7 +37,7 @@ <h1 itemprop="name" class="title-shadow-box">Client Bug Bounty Program</h1> | |||
|
|||
<p>Mozilla will pay a bounty for client and security bugs as detailed below. All security bugs must follow the following general criteria to be eligible:</p> | |||
|
|||
<p> Eligible security bugs may be present in any of the current main development or released versions of Firefox, Thunderbird, Firefox for Android, or FirefoxOS as released by Mozilla Corporation (e.g. Nightly mozilla-central, Firefox Developer Edition, or Beta test versions, as well as the final release product versions)</p> | |||
<p> Eligible security bugs may be present in any of the current main development or released versions of Firefox or Firefox for Android as released by Mozilla Corporation (e.g. Nightly mozilla-central or Beta test versions, as well as the final release product versions)</p> |
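Review bot: The new eligibility line drops "Firefox Developer Edition" from the example channels, leaving only "Nightly mozilla-central or Beta test versions", while the FAQ text changed earlier in this pull request says "Bugs found in Developer Edition and Beta releases of Firefox and Firefox for Android" are eligible. Either keep Developer Edition in this list or adjust the FAQ so both pages state the same scope. The context line above also says "must follow the following general criteria"; "must meet the following general criteria" reads better.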
One Thunderbird removal occurs here, but this isn't reflected in many other occurrences of Thunderbird elsewhere in the document.
As above, I'd like to clean up the client stuff in a different commit, unless it's really necessary right now.
uh, i'm sorry, i didn't intend to exercise some sort of formal merge approval on this pull request. please don't treat whatever github just decided about my commentary as any sort of "approval to merge" by the project.
Yes, that's fine, I don't mean my comments to hinder merging, the document
is fine as-is and okay to ship.
Pesky floats... should rebuild the whole thing with grids...
Fix bug 1357380: Remove Aurora mention from Bug Bounty FAQ page
LGTM!
Description
Started by @april who did all the real work in #4744, I've only tidied up a few odds and ends and squashed commits.