[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

REF URL require ToU/Conduct policy



So real world example I have a CVE request which has a reference url:

https://issuetracker.google.com/issues/77809383

the requires:

Google IssueTracker Terms of Service

 I acknowledge and agree to the Google Terms of Service and the Google IssueTracker Conduct Policy.

Which... I dunno. I don't want links that require logins (because you can't grab them with tools easily), and I feel like this is the same, and also requiring people to agree to a ToU (that for example maybe requires you to give up your first born) is not really kosher. 

So I'd like to add to the CVE/CNA docs discussion:

can we get ruling on reference URL's, specifically:

1) Reference MUST/MUST NOT/SHOULD/SHOULD NOT/etc... require a login of any sort (even a free login)
2) Reference MUST/MUST NOT/SHOULD/SHOULD NOT/etc... require acceptance of ToU/Conduct Policy/etc.

In my mind I should be able to "wget http://example.org/refurl/" and get the page. Anything less is not acceptable. But I also think the board should discuss this and rule on it and document it. 

--
Kurt Seifried
kurt@seifried.org

Page Last Updated or Reviewed: June 22, 2018