-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A while back (cba03a5777) we gave up dividing that file into "Developers" and "Patch contributors" - and imho that was a good thing. The only sections in the CREDITS file by now are "Contributors" and "Translators", where the latter just holds a link to translatewiki.
I'd (slightly) prefer to just add those who reported security issues to the "Contributors" section (considering "reported a security issue" a contribution) instead of adding a new section - technically someone reporting a security issue with a patch attached would be both a "Vulnerability Reporter" and a "Contributor", which just seems confusing. Besides from bikeshedding about that, I totally agree with your proposal.
- -- Eddie
On 01.05.2018 20:34, Brian Wolff wrote:
Hi everyone,
Currently we only credit people who report security vulnerabilities at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Thanks (which basically nobody reads or knows exists) and sometimes in the commit message and release announcements. Given such people are instrumental in keeping MediaWiki secure, I think we should also credit them in the CREDITS file. I propose adding another section to the file - "Vulnerability Reporters", listing the names of everyone who has reported a security vulnerability in either MediaWiki or a bundled extension.
Thoughts?
-- Brian _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l