Hi everyone,
Currently we only credit people who report security vulnerabilities at
https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Thanks (which
basically nobody reads or knows exists) and sometimes in the commit message
and release announcements. Given such people are instrumental in keeping
MediaWiki secure, I think we should also credit them in the CREDITS file. I
propose adding another section to the file - "Vulnerability Reporters",
listing the names of everyone who has reported a security vulnerability in
either MediaWiki or a bundled extension.
Thoughts?
--
Brian