mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 15:22:41 +01:00
phorge-phorge/src/docs/user/reporting_security.diviner
epriestley 4cb2ec1120 Update support documentation for modern times
Summary:
Basically similar to D13941 but a little more extreme:

  - Really strongly emphasize reproducibility for bug reports, and set users up for rejection if they don't satisfy this.
  - Really strongly emphasize problem descriptions for feature requests, and set users up for rejection.
  - Get rid of various "please give us feedback"; we get plenty of feedback these days.
  - Some modernization tweaks.
  - Split the support document into:
    - Stuff we actually support for free (security / good bug reports / feature requests).
    - Stuff you can pay us for (hosting / consulting / prioritization).
    - A nebulous "community" section, with appropriate (low) expectations that better reflects reality.

My overall goals here are:

  - Set expectations better, so users don't show up in IRC expecting it to be a "great place to get amazing support" or whatever the docs said in 2011.
  - Possibly move the needle slightly on bug reports / feature request quality, maybe.

Test Plan: Read changes carefully.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14305
2015-10-19 13:29:24 -07:00


@title Reporting Security Vulnerabilities
@group intro

Describes how to report security vulnerabilities in Phabricator.

Overview
========

Phabricator runs a disclosure and award program through
[[ https://www.hackerone.com/ | HackerOne ]]. This program is the best way to
submit security issues to us, and awards responsible disclosure of
vulnerabilities with cash bounties. You can find our project page
here:

(NOTE) https://hackerone.com/phabricator

The project page has detailed information about the scope of the program and
how to participate.

We have a 24 hour response timeline, and are usually able to respond to (and,
very often, fix) issues more quickly than that.

Other Channels
==============

If you aren't sure if something qualifies or don't want to report via
HackerOne, you can submit the issue as a normal bug report. For instructions,
see @{article:Contributing Bug Reports}.

Get Updated
===========

General information about security changes is reported weekly in the
[[ https://secure.phabricator.com/w/changelog/ | Changelog ]].