[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problematic assignments for subpar reports via CVE request form

I would say simply: ban him until he shows improvement and sticks to it. Why place a time limit on it? Either he starts making good requests, or he doesn't.

On Mon, Oct 23, 2017 at 11:32 AM, jericho <jericho@attrition.org> wrote:

On Mon, 23 Oct 2017, Kurt Seifried wrote:

: ask for even more detail/proof. I would only go to the ban phase if they
: are flooding in requests that are still of poor quality despite being
: told they need to do better quality requests, I would suggest we adopt
: this, it's somewhat subjective, but relatively simple:

He is flooding in requests that are still of poor quality.

He has been told his reports are difficult to process. He was asked to
include his crashing PoCs, he still does not. He deleted the public issue
in which I asked him to do so. He shut down the issue tracker on the
GitHub repo so we cannot raise issues with his reports.

To me, that meets the bar for a temporary ban until he better appreciates
that his reports are lacking serious detail and contain numerous



Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: October 23, 2017