-
Notifications
You must be signed in to change notification settings - Fork 38
onboard @EdOverflow #952
Comments
Huzzah! So ... you're off and running making PRs. May I add you to our GitHub org so you can make them on branches in the main repo here? |
OK, sure. 😃 |
Yay! Invited! 💃 |
Thanks. :) |
May I also add you to our weekly money distribution? :-) |
I'll need to get that set up and will let you know when I am ready. |
@EdOverflow May I add you as a "coordinator" in Transifex for French and German? That will enable you to self-review your own translations and review the translations of others. Do to limitations of Transifex, all translations must be marked as reviewed before we can deploy them. |
OK, great! |
Done! |
@EdOverflow Got your @gratipay/security team request and approved it. 👍 |
Thank you. Would it be possible to add me to your HackerOne program? On top of that, could you please allow issue submissions on @gratipay/security? |
Invite sent!
I think you mean on the https://github.com/gratipay/security repo, ya? Why do you want to use that instead of HackerOne (for private things) or the inside.gratipay.com repo (for public things)? |
Never mind I just realised that Gratipay members report vulnerabilities on HackerOne too. |
Hi @whit537, I have set up my Gratipay account: https://gratipay.com/~EdOverflow/. Feel free to add me to your weekly money distribution when you find time. |
@EdOverflow We're close! The last thing we need is a national identity on file for you. We ask for this so that we can handle taxes appropriately. Are you willing to share that info with us? I invite you to review our security practices around storing your PII, as well as our audit of the symmetric encryption library we're using. |
Also, do you ever use Slack? I invite you to join us there for real-time chat if you're interested. :) |
e.g. ;-) |
Following up from gratipay/gratipay.com#4263 and gratipay/gratipay.com#4262 ... have you used GitHub projects at all? We're finding those to be helpful for organizing larger-scale projects that transcend a single ticket or repo. There are " We are also finding GitHub projects helpful for keeping track of what each of us is personally paying attention to. Those are what the "Radar" and "Queue" projects are for. I invite you to create a radar/queue project for yourself where you can publish for the rest of us what you are working on. P.S. In general, please use organization-scope projects instead of repo-specific projects, so that the rest of us only have one place to look to discover projects. |
We use LastPass to manage some passwords, now including report-uri.io. Would you like access to our report-uri.io account? What email address should I use to invite you to LastPass? (You can tell me privately on [email protected] if you're not comfortable sharing here.) |
@EdOverflow I received your email and sent invites for both Slack and LastPass. |
Thanks @whit537! You are always on the ball. |
Except when I'm not! |
@EdOverflow I am seeing a lot of ambition from you: That's great! It's also a lot to bite off and chew. :-) Can I help you think through your priorities and how to pace yourself and what your expectations are and how you plan to get all of these ambitious projects done? I don't want to see you get swamped and frustrated because progress is too slow. How do you see these three projects relating to one another? |
These are my goals for 2017. I have a clear plan with everything in order of priority. Obviously there is no way I can do all of this on my own, but I hope by communicating with the team, we can organise this together and get everything done.
Thank you for being concerned @whit537. I wish you and the Gratipay team a happy New Year. 🎉🎉🎉 On a side note, I want to introduce the team to more tools by Scott Helme (report-uri.io, securityheaders.io, hardenize.com) and then document the process of how we used them and how we improved our platform's security (This does not directly belong to the "Security Report"). |
Awesome, looking forward to working together in 2017! 💃 |
Yes, please. |
I find a password for report-uri.io in 1password, but it does not appear to work. I issued a password reset and received the mail, but when I click the button in the email I just get the asset png(?). Not sure if that's a bug in Report URI or Freshdesk. |
I'm considering gratipay/gratipay.com#4526 instead. |
@whit537 Scott Helme believes that this is a Zendesk issue. |
Could be (though it's Freshdesk, not Zendesk). I've sent a Sentry invite to the email you have on file on Gratipay. |
🤦♂️
Thank you and accepted. |
Per slack I've granted @EdOverflow admin perms on HackerOne.
Specifically to work on defining scope. |
Per slack (scroll down?) I've granted @EdOverflow agent permissions on Freshdesk to respond to security@ emails. |
Hi Gratipay team,
My name is Ed and I am a web developer and a security researcher.
I hope by joining the blue team that I will be able to:
The text was updated successfully, but these errors were encountered: