Branch: refs/heads/automated-weekly-changelog/2.389
Home: https://github.com/jenkins-infra/jenkins.io
Commit: 221546425902bcd3f065cbc47faa5cfbedefe08e
https://github.com/jenkins-infra/jenkins.io/commit/221546425902bcd3f065cbc47faa5cfbedefe08e
Author: Vandit Singh <[email protected]>
Date: 2023-01-30 (Mon, 30 Jan 2023)
Changed paths:
M content/doc/book/managing/nodes.adoc
Log Message:
-----------
Correct description of controller/built-in node (#5812)
Managing Nodes page - Description of controller/built-in node/agents is
wrong #5776
Changed the description according to the possible solution
---------
Co-authored-by: Zbynek Konecny <[email protected]>
Co-authored-by: Kevin Martens <[email protected]>
Commit: 21748a29babdeb6a6c8a914c7e4b0f3388dd28bf
https://github.com/jenkins-infra/jenkins.io/commit/21748a29babdeb6a6c8a914c7e4b0f3388dd28bf
Author: Wadeck Follonier <[email protected]>
Date: 2023-01-30 (Mon, 30 Jan 2023)
Changed paths:
M content/donate.adoc
M content/project/team-leads.adoc
R content/security/gift.adoc
M content/security/index.adoc
M content/security/reporting.adoc
Log Message:
-----------
Proposal to remove the reward/gift aspect for vulnerabilities (#5940)
**Context**
- In more than one year, I didn't send any gift for reported
vulnerabilities. No reporters asked for that despite the "If we forget,
feel free to remind us by posting a comment to the security issue you
reported." message in https://www.jenkins.io/security/gift/#process.
- The reward I sent for a previously reported issue took me a huge
amount of time (especially administrative)
- We often receive(d) out of scope reports (automatic script/scan) with
payment request (like asking 100$ for a false positive)
**Opinion**
- The credit aspect, to have a CVE with your name in the credits, is
more important for researchers, especially when finding stuff in the
open source
- The budget (~40$) is not enough to be an effective incentive. But the
presence of a bug bounty program creates wrong expectations
- The time spent "managing" this part does not seem to have a good
return on investment
@daniel-beck WDYT?
@jenkins-infra/board Do you want to discuss the topic more broadly?
Commit: 2d6b026a50ca47c1e321506e348a3ff97c5d6a89
https://github.com/jenkins-infra/jenkins.io/commit/2d6b026a50ca47c1e321506e348a3ff97c5d6a89
Author: Mark Waite <[email protected]>
Date: 2023-01-31 (Tue, 31 Jan 2023)
Changed paths:
M content/doc/book/managing/nodes.adoc
M content/donate.adoc
M content/project/team-leads.adoc
R content/security/gift.adoc
M content/security/index.adoc
M content/security/reporting.adoc
Log Message:
-----------
Merge branch 'master' into automated-weekly-changelog/2.389
Compare:
https://github.com/jenkins-infra/jenkins.io/compare/c2bf412fb037...2d6b026a50ca