Ethan Blanton elb at
Wed Nov 13 13:26:27 EST 2013

nasrul abrori spake unto us the following wisdom:
> because i find vulnerabilities on your site, or just bug bounty in the
> software category,,,

Are you saying that you have found vulnerabilities on or that you would like
to have disclosed after correction?  We have not previously done that,
but I see no reason why we couldn't; it should probably be in a
different place from the Pidgin vulnerabilities.  Note that most of
our web site software is packages from upstream providers (such as
trac), and vulnerabilities should probably be disclosed to the
upstream authors unless they are in our own setup/extensions.

I'm still not sure I understand.


More information about the security mailing list