Opened 7 years ago

Last modified 6 months ago

#5489 assigned task

Write up a "how to report bugs and security issues, and what happens then" post or FAQ

Reported by: nickm Owned by: nickm
Priority: Medium Milestone: WebsiteV3
Component: Webpages/Website Version:
Severity: Normal Keywords: defer-new-website
Cc: catalyst, dmr Actual Points:
Parent ID: #25131 Points:
Reviewer: Sponsor:

Description

We should summarize our current security process on a blog post, FAQ entry, or on the contact page. This hasn't gotten enough attention, since everybody's so busy, but

We should at the minimum let people know:

  • What issues to do this way and what should just go on the bugtracker. And why.
  • How to report bugs in general.
  • What to expect if you report a security issue.
  • Our current issue evaluation and response process, the history thereof.

This should be someplace pretty easy to find. A longer blog post and a shorter faq or contact entry seems smart to me.

Child Tickets

Change History (13)

comment:1 Changed 7 years ago by phobos

Owner: changed from phobos to nickm
Status: newassigned

I don't know our secteam process, so I'm just going to reassign back to you. :0

comment:2 Changed 7 years ago by nickm

Sorry there; I meant to leave it unassigned. I'd forgotten that "Company" tickets get assigned to you automatically. It is okay for this to be assigned to me, though.

comment:3 Changed 4 years ago by isis

I closed #2296 as a duplicate of this ticket.

comment:4 Changed 4 years ago by isis

Perhaps this would be better filed under the "Website" component? The "Company" component is defunct.

comment:5 Changed 4 years ago by isis

Component: CompanyWebsite

comment:6 Changed 3 years ago by Sebastian

Keywords: defer-new-website added
Severity: Normal

comment:7 Changed 20 months ago by catalyst

Cc: catalyst added

comment:8 Changed 20 months ago by arma

Triage: we should check with the network team to see if they want to re-own this ticket. It is a network team task after all.

(Maybe the tor browser team will want to do their version of this document, and maybe some parts will be shared. But one step at a time.)

comment:9 Changed 20 months ago by hiro

Milestone: WebsiteV3

comment:10 Changed 7 months ago by dmr

Cc: dmr added

comment:11 Changed 6 months ago by traumschule

There is doc/community/HowToReportBugFeedback

WikiStart says 'Please create a New Ticket to create a new bug report or feature request.'

What about adding links at the top of https://trac.torproject.org/projects/tor/newticket on how to report tickets and what to report where.

< https://www.torproject.org/docs/faq#SupportMail
How can I get support? See the Support section on the contact page.
Is there a Tor forum? We have a StackExchange page that is currently in public beta.

Those could unload the bug tracker when users are sent to the forum for usage related issues.

On the original issue to describe the security process I found only the more technical topic deterministic builds.
org/process/TorOnTrac, Support Policy and org/teams/NetworkTeam#Howwework hold valuable info as well. With a little outlook on Rust this could make a good blog post?

comment:12 Changed 6 months ago by traumschule

comment:13 Changed 6 months ago by traumschule

Parent ID: #25131
Note: See TracTickets for help on using tickets.