[no bug] Relaunch and redo the web bug bounty program #4777
Conversation
craigcook
force-pushed
the
bug-bounty-relaunch
branch
from
863030b
to
ff87ee4
Compare
craigcook
force-pushed
the
bug-bounty-relaunch
branch
from
ff87ee4
to
c9a66e4
Compare
|
Thanks @craigcook ! |
|
Thanks so much, @craigcook! I have a couple other tweaks I might make, but they can wait until after this is pushed so as to make things cleaner. :) |
| <p>Yes, as long as the bug otherwise meets the published bug bounty | ||
| program guidelines. Bugs found in Aurora and Beta releases of Firefox and | ||
| program guidelines. Bugs found in Developer Edition and Beta releases of Firefox and | ||
| Firefox for Android, EarlyBird and Beta releases of Thunderbird are eligible as | ||
| long the bug is reproducible in the latest nightly mozilla-central build and has |
There was a problem hiding this comment.
"in the nightly mozilla-central build at the time that the bug is reported", theoretically.
There was a problem hiding this comment.
I'm fine with changing this, but I'd rather it was done in a different bug since it's unrelated to the web bug bounty stuff.
| <h4>Bedrock (www)</h4> | ||
| <ul> | ||
| <li>www.firefox.com</li> | ||
| <li>www.getfirefox.com</li> |
There was a problem hiding this comment.
Tiny whitespace nitpick: the two lines above are indented differently than the two below.
There was a problem hiding this comment.
I'm not sure what you mean? <li> is supposed to be indented differently, since it's under <ul>.
There was a problem hiding this comment.
These are indented two spaces, the two items below are indented one space. It is indeed a tiny nitpick but I'll fix it.
| </ul> | ||
| <p> | ||
| <strong>Please do not use automated scanners, create, or modify bugs when testing Bugzilla.</strong> | ||
| <br><br>Instead, install your own local copy for testing from <a href="https://github.com/mozilla/webtools-bmo-bugzilla">webtools-bmo-bugzilla</a> or use our <a href="https://bugzilla-dev.allizom.org/">development instance</a>. |
There was a problem hiding this comment.
@dylanwh Would you like to add a bit about the vagrantfile here, for "no seriously it's that easy" opportunity?
|
|
||
| <h4>Source Control</h4> | ||
| <ul> | ||
| <li>hg.mozilla.org (excludes website)</li> |
There was a problem hiding this comment.
Can this say '(except website, see below)'? I initially interpreted it as a flat denial for https://hg and didn't think "oh, they re-include that later on" at first read.
|
|
||
| <h4>Source Control</h4> | ||
| <ul> | ||
| <li>hg.mozilla.org (website)</li> |
There was a problem hiding this comment.
"(website only)", paired with the prior note.
| @@ -28,7 +29,7 @@ <h1 itemprop="name" class="title-shadow-box">Web And Services Bug Bounty Hall of | |||
|
|
|||
| <p>On behalf of the Mozilla and the millions of people who visit our sites, use Firefox and our other products we would like to thank them for their hard work in helping to make us more secure.</p> | |||
|
|
|||
| <p>As of this date, we have paid out almost <b>$1,000,000</b> across all of our bounties. Congratulations to everybody who has participated!</p> | |||
| <p>As of this date, we have paid out over <b>$1,600,000</b> across all of our bounties. Congratulations to everybody who has participated!</p> | |||
There was a problem hiding this comment.
It will always be true as of the present.
There was a problem hiding this comment.
Not including a date always it to always be accurate and also reduces the number of updates we need to do.
| @@ -37,7 +37,7 @@ <h1 itemprop="name" class="title-shadow-box">Client Bug Bounty Program</h1> | |||
|
|
|||
| <p>Mozilla will pay a bounty for client and security bugs as detailed below. All security bugs must follow the following general criteria to be eligible:</p> | |||
|
|
|||
| <p> Eligible security bugs may be present in any of the current main development or released versions of Firefox, Thunderbird, Firefox for Android, or FirefoxOS as released by Mozilla Corporation (e.g. Nightly mozilla-central, Firefox Developer Edition, or Beta test versions, as well as the final release product versions)</p> | |||
| <p> Eligible security bugs may be present in any of the current main development or released versions of Firefox or Firefox for Android as released by Mozilla Corporation (e.g. Nightly mozilla-central or Beta test versions, as well as the final release product versions)</p> | |||
There was a problem hiding this comment.
One Thunderbird removal occurs here, but this isn't reflected in many other occurrences of Thunderbird elsewhere in the document.
There was a problem hiding this comment.
As above, I'd like to clean up the client stuff in a different commit, unless it's really necessary right now.
|
uh, i'm sorry, i didn't intend to exercise some sort of formal merge approval on this pull request. please don't treat whatever github just decided about my commentary as any sort of "approval to merge" by the project. |
|
Yes, that's fine, I don't mean my comments to hinder merging, the document
is fine as-is and okay to ship.
|
craigcook
force-pushed
the
bug-bounty-relaunch
branch
from
c9a66e4
to
f963470
Compare
|
Code looks good, but a couple pages need a little CSS help:
|
|
Pesky floats... should rebuild the whole thing with grids... |
Fix bug 1357380: Remove Aurora mention from Bug Bounty FAQ page
craigcook
force-pushed
the
bug-bounty-relaunch
branch
from
f963470
to
e4dd27a
Compare
|
LGTM! |
Description
Started by @april who did all the real work in #4744, I've only tidied up a few odds and ends and squashed commits.
Bugzilla link
Testing
Checklist