Page MenuHomePhorge
Create Task
Maniphest T15111

Create a pathway for security-related issues to be reported
Open, Needs TriagePublic
Actions

Description

Phabricator upstream uses HackerOne I believe, where people can report security issues there which are then communicated to Evan.

We want to encourage users to also report issues about Phorge. Look into setting up a HackerOne account, though we would not be able to issue any rewards at this time due to not having any funding for this project.

Related Objects

Mentioned In
2022-08-23

Event Timeline

speck created this task.Aug 23 2022, 19:14
Herald added subscribers: Matthew, chris, tobiaswiese. · View Herald TranscriptAug 23 2022, 19:14
Matthew added a comment.Aug 23 2022, 19:16

We do have a security task creation form and a separate space that roots have access to. See S2

avivey mentioned this in 2022-08-23.Aug 27 2022, 14:36
Cigaryno subscribed.Sep 10 2022, 11:15
pasik subscribed.Sep 20 2022, 19:53
avivey subscribed.Jul 20 2023, 17:14

Turns out the "Create Security Task" form doesn't allow users to create tasks, because they can't see the S2 space.

I'm updating it so that it will keep the tasks in S1, and use Policies to limit access.

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0