Opened 9 years ago

Closed 17 months ago

#5489 closed task (implemented)

Write up a "how to report bugs and security issues, and what happens then" post or FAQ

Reported by: nickm Owned by: nickm
Priority: Medium Milestone: WebsiteV3
Component: Webpages/Website Version:
Severity: Normal Keywords: defer-new-website, docs, docwriting
Cc: catalyst, dmr Actual Points:
Parent ID: #25131 Points:
Reviewer: Sponsor:


We should summarize our current security process on a blog post, FAQ entry, or on the contact page. This hasn't gotten enough attention, since everybody's so busy, but

We should at the minimum let people know:

  • What issues to do this way and what should just go on the bugtracker. And why.
  • How to report bugs in general.
  • What to expect if you report a security issue.
  • Our current issue evaluation and response process, the history thereof.

This should be someplace pretty easy to find. A longer blog post and a shorter faq or contact entry seems smart to me.

Child Tickets

Change History (15)

comment:1 Changed 9 years ago by phobos

Owner: changed from phobos to nickm
Status: newassigned

I don't know our secteam process, so I'm just going to reassign back to you. :0

comment:2 Changed 9 years ago by nickm

Sorry there; I meant to leave it unassigned. I'd forgotten that "Company" tickets get assigned to you automatically. It is okay for this to be assigned to me, though.

comment:3 Changed 5 years ago by isis

I closed #2296 as a duplicate of this ticket.

comment:4 Changed 5 years ago by isis

Perhaps this would be better filed under the "Website" component? The "Company" component is defunct.

comment:5 Changed 5 years ago by isis

Component: CompanyWebsite

comment:6 Changed 5 years ago by Sebastian

Keywords: defer-new-website added
Severity: Normal

comment:7 Changed 3 years ago by catalyst

Cc: catalyst added

comment:8 Changed 3 years ago by arma

Triage: we should check with the network team to see if they want to re-own this ticket. It is a network team task after all.

(Maybe the tor browser team will want to do their version of this document, and maybe some parts will be shared. But one step at a time.)

comment:9 Changed 3 years ago by hiro

Milestone: WebsiteV3

comment:10 Changed 2 years ago by dmr

Cc: dmr added

comment:11 Changed 2 years ago by traumschule

There is doc/community/HowToReportBugFeedback

WikiStart says 'Please create a New Ticket to create a new bug report or feature request.'

What about adding links at the top of on how to report tickets and what to report where.

How can I get support? See the Support section on the contact page.
Is there a Tor forum? We have a StackExchange page that is currently in public beta.

Those could unload the bug tracker when users are sent to the forum for usage related issues.

On the original issue to describe the security process I found only the more technical topic deterministic builds.
org/process/TorOnTrac, Support Policy and org/teams/NetworkTeam#Howwework hold valuable info as well. With a little outlook on Rust this could make a good blog post?

comment:12 Changed 2 years ago by traumschule

comment:13 Changed 2 years ago by traumschule

Parent ID: #25131

comment:14 Changed 18 months ago by emmapeel

Keywords: docs docwriting added

comment:15 Changed 17 months ago by nickm

Resolution: implemented
Status: assignedclosed
Note: See TracTickets for help on using tickets.