HackerOne has severity ratings now, so we can set those there. Can we also add counts to http://inside.gratipay.com/appendices/disclosures?
They use:
Which maps easily to our risk ratings:
@dmk246 I have a project for you! :-) Would you be willing to go through our lists of closed and still-open H1 tickets and set a severity rating for each one? The field is on the upper right when you bring up a ticket, and it looks like this: We just need to click "Add" and select a rating for each one of our tickets. Here's how our labels
In the future, every new ticket should get a rating (we'll work on that later :). The task right now is to backfill that field for all previous tickets; we've already categorized them ourselves, we just need to record the info in HackerOne. Here are the lists of tickets with our categorizations: Make sense? Up for it? :-)
@dmk246 Note that we don't need to do the CVSS calculator right now, just the simple five-point scale. It does say "or". ;-)
I've emailed H1 about getting an API key so we can update the disclosures page to use the new severity ratings. Those are only available in the API proper. Turns out we've been using a public API so far.
@whit537 Sorry for the delay, I've been working on a few things. I am up for it... let me review your comments (note I may have questions)... thanks!
What delay? :)
Ftr @dmk246 and I were able to talk through this in person. 👍
@whit537 Where was the link to the tickets that need to be altered that we looked at yesterday? I have looked everywhere that I can think of, but obviously I haven't been able to find it... Sorry and thanks.
@dmk246 Here you go! Are these the right ones? :-)
Thanks @whit537, exactly!!
These are done! Note: under open tickets, https://hackerone.com/reports/143139 was listed as a theoretical risk, aka low risk, but @whit537 had set it to high risk on Nov. 29th... just wanted to make you aware of this, in case you needed to change it in other locations. :)
Awesome, thanks @dmk246! I'll proceed with the updates to the disclosures page now that we have all the tickets categorized... and I'll take a look at that high/moderate one!
Okay, I made some progress on this. Hopefully I can make a commit soon!
I turned off the radar rotation in @gratipay-bot in gratipay/bot@0002837 and gratipay/bot@c4cba99.
Now that we have chat again (#913), we should retire the radar tickets here in GitHub, since those were invented to do the thing that chat is for. While we're at it, we should clean up our queue docs, since those are also now out of date and closely related to the radar.