... | ... | @@ -9,7 +9,7 @@ |
|
|
* Description: The network team uses a set of security policies to decide how to classify and respond to security issues, and a simple registry to keep track of them. This helps with transparency and visibility into our security process. Who else would like to adopt this kind of practice, and how might we want to adapt it?
|
|
|
* Links: https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/SecurityPolicy https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
|
|
|
|
|
|
## Notes taking during the session
|
|
|
## Notes taken during the session
|
|
|
|
|
|
- question several years ago: what is the process for rating a bug? The team set down to create a policy to not need to do that ad hoc
|
|
|
- categorize bug by severity (low means public work, medium means private work, high is private work and released asap; high vs. critical (difference is in case of the latter there is a shout-out to people and urging them to upgrade/update)
|
... | ... | |
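Review bot: in the severity bullet at the end of this hunk, the parenthesis opened before "low means public work" is never closed, and the high vs. critical distinction is run into the same clause, so it is hard to tell which handling applies to which level. Since this edit is already fixing wording in the notes section, consider splitting that bullet into one sub-bullet per severity (low, medium, high, critical). In the first bullet, "The team set down to create a policy" also looks like it should read "sat down".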