On Wed, Nov 10, 2021 at 7:23 PM Niklas Keller <m...@kelunik.com> wrote:
> Hey Nikita, > > I'd like to propose using HackerOne instead of bugs.php.net for security > issues: https://www.hackerone.com/company/open-source-community > > Best, > Niklas > Unfortunately I have no familiarity with HackerOne and as such don't know whether it would work for our purposes. I think an important requirement for us is that maintainers who are not otherwise involved in security response can be assigned to (and see) issues. I'm hazy on the details, but I believe that PHP used to be part of IBB on HackerOne and was kicked out due to lack of responsiveness (apparently nobody from the PHP side was actually involved there). Regards, Nikita