ask
Ethan Blanton
elb at pidgin.im
Wed Nov 13 13:26:27 EST 2013
nasrul abrori spake unto us the following wisdom:
> because i find vulnerabilities on your site, or just bug bounty in the
> software category,,,
Are you saying that you have found vulnerabilities on
http://pidgin.im/ or http://developer.pidgin.im/ that you would like
to have disclosed after correction? We have not previously done that,
but I see no reason why we couldn't; it should probably be in a
different place from the Pidgin vulnerabilities. Note that most of
our web site software is packages from upstream providers (such as
trac), and vulnerabilities should probably be disclosed to the
upstream authors unless they are in our own setup/extensions.
I'm still not sure I understand.
Ethan
More information about the security
mailing list