Closed
Bug 948655
Opened 12 years ago
Closed 12 years ago
Patch client-side bug-bounty pages to specifically mention Firefox OS
Categories
(www.mozilla.org :: General, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: freddy, Unassigned)
Details
(Whiteboard: [kb=1321893] )
Attachments
(2 files)
1.42 KB, patch
864 bytes, patch
Bugs in Firefox OS that affect Gecko are already in scope of the bug bounty program. I think this deserves explicit mentioning.
I am attaching diffs to implement this wording.
Comment 1 (Reporter) • 12 years ago
Updated • 12 years ago
Whiteboard: [kb=1321893]
Comment 2 • 12 years ago
Is this copy correct? The answer seems a bit vague to me, without a definitive "yes" or "no." It seems to be saying that we'll award bounties on *Gecko* bugs as they apply to FxOS, but not for third-party components that appear in FxOS. If I read that correctly, maybe that could be stated more clearly?
Flags: needinfo?(fbraun)
Comment 3 (Reporter) • 12 years ago
What exactly would you have stated more clearly? Please propose something!
Updated (Reporter) • 12 years ago
Flags: needinfo?(fbraun)
Comment 4 • 12 years ago
(In reply to Frederik Braun [:freddyb] from comment #3)
> What exactly would you have stated more clearly? Please propose something!
Unfortunately, since I'm not an expert on the bug bounty program or Firefox OS, the best I can do is try to guess at a better phrasing based on my interpretation of the original answer.
Original:
Q: Can I get the bug bounty reward if I discover a bug in Firefox OS?
A: Gecko, our rendering engine, is also used in our other products (e.g., Firefox and Thunderbird) and is therefore already in scope of our existing bug bounty program. While some components are not created or maintained by Mozilla, we are determined to recognize and reward security bugs reported in Firefox OS appropriately.
My attempt at a clearer answer:
Q: Can I get the bug bounty reward if I discover a bug in Firefox OS?
A: Yes, if you discover a bug in Gecko, our rendering engine, as it occurs in Firefox OS. The Gecko rendering engine embedded in Firefox OS is the same one used in our other products (Firefox and Thunderbird). Gecko bugs discovered in Firefox OS are already within the scope of our existing bug bounty program. However, some other components of Firefox OS, especially apps, are not created or maintained by Mozilla. Bugs discovered in third-party Firefox OS components are not eligible for bounties.
Is this accurate? I admit I don't fully understand the situation so I'm not really qualified to answer questions about bug bounties in Firefox OS, but that's also why I found the original answer vague since it didn't offer a clear "yes" or "no" to the question.
Maybe there's someone else we can loop in for a second opinion? I just want to make sure this answer is clear on which bugs qualify for a bounty and which ones don't.
Comment 5 (Reporter) • 12 years ago
Thanks for taking a shot!
Dan, Paul: Do we want to explicitly mention Gaia here? Otherwise it would sound like it's not in scope.
Flags: needinfo?(ptheriault)
Flags: needinfo?(dveditz)
Comment 6 • 12 years ago
Are we close enough to having an available reference/developer device that we could word the bounty in terms of "anything we ship on that device" rather than any random carrier-modified variant of Firefox OS?
We've got some "3rd party" apps (e.g. everything.me) that are definitely key parts of the experience and we should stand behind.
Flags: needinfo?(dveditz)
Comment 7 • 12 years ago
(In reply to Daniel Veditz [:dveditz] from comment #6)
> Are we close enough to having an available reference/developer device that
> we could word the bounty in terms of "anything we ship on that device"
> rather than any random carrier-modified variant of Firefox OS?
>
> We've got some "3rd party" apps (e.g. everything.me) that are definitely key
> parts of the experience and we should stand behind.
IIUC the goal of this bug was to point out that the existing bounty program covers Firefox OS. I think the idea was to do this in the interim between getting a proper Firefox OS bug bounty. But with Flame coming (and with it nightly updates), this would seem to me to be the right time to pursue launching a proper bug bounty for FxOS.
As such, I think we should probably wont-fix this. As it stands I feel like pointing out that the existing program actually already covers b2g gecko, just raises more questions than it answers, so there isn't a lot of value in making this change.
Flags: needinfo?(ptheriault)
Comment 8 (Reporter) • 12 years ago
Agreed. (hoping we make serious progress with the reference device)
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX