Netlify reduced their Pro plans from 45$/month to 19$/month -_-. Are we still paying 45$ or they reduced for "old" customers too?

fluffypony ^

let me login and check

Would be annoying if we are still paying 45

so it says that we paid $45 for the current period

doesn't indicate what we'll pay for the next

I changed our plan to the Pro plan @ $19 (so no real change, but hopefully it'll trigger a billing adjustment)

interesting

so based on the receipt they sent they were planning on just keeping us on the "legacy" $45 plan

sneaky

so appears to be sorted by me switching to the Pro plan again

Classic. Good that it's sorted out. Thanks for looking it up

Can we add a page to the site for hosting audit results?

The CLSAG report is ready to be posted (in coordination with OSTIF's release), and we also have the BP and RandomX audits

good idea

Makes sense IMO to have a central "security" location for this or something

Unfortunately I can't provide the audit report publicly until the coordinated date, as a courtesy to OSTIF, who helped coordinate the process and also plan their own post about it

I don't want to scope creep, but maybe that page is also a good location for posting links to HackerOne for security reports

If you see a page marked "security" I think that makes sense

can you describe "security" location?

I thought just a place where we link to all audits, don’t understand the security part

Eh, it was just a thought

Whatever makes the most sense

But certainly at least all the audit reports in one easy location

Would it make sense to be under Resources -> Audits?

ah you meant naming the page security

thought you were talking about some extra security folder

Yeah

Oh there's already a vulnerability response link at the very top

What's the most clear name for this?

audits IMO

"audits" or "security audits"?

did we ever have h1 security reports?

How so?

ah so meant linking the existing reports :)

kinda confused with wordings today

I don't think there's a formal process after remediation in every case, but I am not sure how that works with H1 policy and reporter consent etc.

that's a better question for someone like moneromooo

I know a fair number of reports turn out to be misunderstandings or otherwise don't require any fixes

some reports also declined public disclosure

Well, any actual fixes could themselves be reported anyway, right?

Just perhaps not details of conversations with the reporters on H1?

Obviously commits are public

I think a broader "security" tag for audits and related posts makes sense imo

I'd like to have a general "How Monero takes security seriously" post

I was thinking a totally separate page

Do you think they fit better as a blog section?

The documents should be hosted on getmonero for reliable distributed storage on the repo

I don't recall where the RandomX audit reports got hosted

The BP audits are on the old research-lab repo

and the CLSAG report isn't hosted anywhere yet

randomx is on github too (randomx repo)

Makes sense :)

Might as well host on getmonero to avoid future dead links

The reports won't change

sgtm

Anyway: new page or blog section?

i would prefer new page

Sure

What would be the formats of these audits sarang? simple markdown pages?

I don't actually like the idea of separate pages. Complicates the site further. Why not have a filter for the blog?

back-date the old reports

anonimal wrote up some reports. He seems gone for a while now.

I have to say i'm not a big fan of a separate page either. The website is already kinda clogged. Maybe there could be a section in the MRL page

H1 can set bugs public, so linking to them should be enough maybe.

for the VRP, yeah

*maybe* we can replace the "Vulnerability Response" link with a link to a page about security, which would contain the VRP process, audit reports, and stuff like that. maybe. but that's higher effort

the blog already has tags

and from the drop down menu you're effectively choosing a tag and then viewing all the posts with that tag

oh it's tabs now, not drop down

eg. getmonero.org/blog/tags/urgent.html

so I fully support sgp_'s idea of just having blog posts, back-dated and tagged

there may be some overlap with "urgent" and "security"

Actually replacing the "vulnerability response" with a dedicated "security" section could be a good idea. No problem for me to do it.

sgp_: posts can have multiple tags

so they can appear under both

I'm thinking that we rename "popular tags" to "other tags" and include the other ones there that aren't at the top, like security

I don't like that popular tags thing anyway. Thinking about how to replace it for some time

ErCiccione[m]1: I see that as a separate, related project

we used to add a lot of tags to posts

tags: [monero missives, exchanges, research, usability, gui]

The problem i see with changin "popular tags" to "other tags" is that nobody will ever click on the "other tags"

Yeah, more i think about it more having a "security" page replacing the simple link to github in "Vulnerability Response" sounds like a good idea

What's the format of the audits usually?

PDF

Then yeah, a security page on top would be best. The blog post would be simply saying "hey, we had audits, here is the link". When we could just have a nice list easily borwsable

.merge+ #1106

Added

.merge+ #1072 #937 #982 #1042

Added

thanks for reviewing all that old stuff selsta, i was about to lose hope 😛 jk

But seriously, would love to see more people reviewing stuff

:D

I'm at the point when i don't even think "let's wait for reviewers", but directly "let's wait for selsta" :P

Maybe i will make a post or something to encourage contributions to the website. They already increased lately (even if sporadically), but i think we could do much more, especially on the reviewing side.

I saw a lot of people commenting but not approving

Yeah, i don't know if they are just "shy" or they genuinely don't know they should approve. Maybe i should make the process clear in the readme if it's not already

.merge+ #1051

Added