-
Guest50839
Netlify reduced their Pro plans from 45$/month to 19$/month -_-. Are we still paying 45$ or they reduced for "old" customers too?
-
Guest50839
fluffypony ^
-
fluffypony
let me login and check
-
Guest50839
Would be annoying if we are still paying 45
-
fluffypony
so it says that we paid $45 for the current period
-
fluffypony
doesn't indicate what we'll pay for the next
-
fluffypony
I changed our plan to the Pro plan @ $19 (so no real change, but hopefully it'll trigger a billing adjustment)
-
fluffypony
interesting
-
fluffypony
so based on the receipt they sent they were planning on just keeping us on the "legacy" $45 plan
-
fluffypony
sneaky
-
fluffypony
-
fluffypony
so appears to be sorted by me switching to the Pro plan again
-
Guest50839
Classic. Good that it's sorted out. Thanks for looking it up
-
xmr-pr
erciccione opened pull request #1105: FAQ: add section to 'How can I get Monero?'
-
xmr-pr
-
sarang
Can we add a page to the site for hosting audit results?
-
sarang
The CLSAG report is ready to be posted (in coordination with OSTIF's release), and we also have the BP and RandomX audits
-
selsta
good idea
-
sarang
Makes sense IMO to have a central "security" location for this or something
-
sarang
Unfortunately I can't provide the audit report publicly until the coordinated date, as a courtesy to OSTIF, who helped coordinate the process and also plan their own post about it
-
sarang
I don't want to scope creep, but maybe that page is also a good location for posting links to HackerOne for security reports
-
sarang
If you see a page marked "security" I think that makes sense
-
selsta
can you describe "security" location?
-
selsta
I thought just a place where we link to all audits, don’t understand the security part
-
sarang
Eh, it was just a thought
-
sarang
Whatever makes the most sense
-
sarang
But certainly at least all the audit reports in one easy location
-
sarang
Would it make sense to be under Resources -> Audits?
-
selsta
ah you meant naming the page security
-
selsta
thought you were talking about some extra security folder
-
sarang
Yeah
-
sarang
Oh there's already a vulnerability response link at the very top
-
sarang
What's the most clear name for this?
-
selsta
audits IMO
-
sarang
"audits" or "security audits"?
-
selsta
did we ever have h1 security reports?
-
sarang
How so?
-
selsta
ah so meant linking the existing reports :)
-
selsta
kinda confused with wordings today
-
sarang
I don't think there's a formal process after remediation in every case, but I am not sure how that works with H1 policy and reporter consent etc.
-
sarang
that's a better question for someone like moneromooo
-
sarang
I know a fair number of reports turn out to be misunderstandings or otherwise don't require any fixes
-
selsta
some reports also declined public disclosure
-
sarang
Well, any actual fixes could themselves be reported anyway, right?
-
sarang
Just perhaps not details of conversations with the reporters on H1?
-
sarang
Obviously commits are public
-
sgp_
I think a broader "security" tag for audits and related posts makes sense imo
-
sgp_
I'd like to have a general "How Monero takes security seriously" post
-
sarang
I was thinking a totally separate page
-
sarang
Do you think they fit better as a blog section?
-
sarang
The documents should be hosted on getmonero for reliable distributed storage on the repo
-
sarang
I don't recall where the RandomX audit reports got hosted
-
sarang
The BP audits are on the old research-lab repo
-
sarang
and the CLSAG report isn't hosted anywhere yet
-
selsta
randomx is on github too (randomx repo)
-
sarang
Makes sense :)
-
sarang
Might as well host on getmonero to avoid future dead links
-
sarang
The reports won't change
-
fluffypony
sgtm
-
sarang
Anyway: new page or blog section?
-
selsta
i would prefer new page
-
sarang
Sure
-
ErCiccione[m]1
What would be the formats of these audits sarang? simple markdown pages?
-
sgp_
I don't actually like the idea of separate pages. Complicates the site further. Why not have a filter for the blog?
-
sgp_
back-date the old reports
-
moneromooo
anonimal wrote up some reports. He seems gone for a while now.
-
ErCiccione[m]1
I have to say i'm not a big fan of a separate page either. The website is already kinda clogged. Maybe there could be a section in the MRL page
-
moneromooo
H1 can set bugs public, so linking to them should be enough maybe.
-
sgp_
for the VRP, yeah
-
sgp_
*maybe* we can replace the "Vulnerability Response" link with a link to a page about security, which would contain the VRP process, audit reports, and stuff like that. maybe. but that's higher effort
-
fluffypony
the blog already has tags
-
fluffypony
and from the drop down menu you're effectively choosing a tag and then viewing all the posts with that tag
-
fluffypony
oh it's tabs now, not drop down
-
fluffypony
-
fluffypony
so I fully support sgp_'s idea of just having blog posts, back-dated and tagged
-
sgp_
there may be some overlap with "urgent" and "security"
-
ErCiccione[m]1
Actually replacing the "vulnerability response" with a dedicated "security" section could be a good idea. No problem for me to do it.
-
fluffypony
sgp_: posts can have multiple tags
-
fluffypony
so they can appear under both
-
sgp_
I'm thinking that we rename "popular tags" to "other tags" and include the other ones there that aren't at the top, like security
-
ErCiccione[m]1
I don't like that popular tags thing anyway. Thinking about how to replace it for some time
-
sgp_
ErCiccione[m]1: I see that as a separate, related project
-
fluffypony
we used to add a lot of tags to posts
-
fluffypony
-
fluffypony
tags: [monero missives, exchanges, research, usability, gui]
-
ErCiccione[m]1
The problem i see with changin "popular tags" to "other tags" is that nobody will ever click on the "other tags"
-
ErCiccione[m]1
Yeah, more i think about it more having a "security" page replacing the simple link to github in "Vulnerability Response" sounds like a good idea
-
ErCiccione[m]1
What's the format of the audits usually?
-
selsta
PDF
-
ErCiccione[m]1
Then yeah, a security page on top would be best. The blog post would be simply saying "hey, we had audits, here is the link". When we could just have a nice list easily borwsable
-
xmr-pr
selsta opened pull request #1106: what-is-monero: fix video in Safari
-
xmr-pr
-
ErCiccione[m]1
.merge+ #1106
-
xmr-pr
Added
-
ErCiccione[m]1
.merge+ #1072 #937 #982 #1042
-
xmr-pr
Added
-
ErCiccione[m]1
thanks for reviewing all that old stuff selsta, i was about to lose hope 😛 jk
-
ErCiccione[m]1
But seriously, would love to see more people reviewing stuff
-
selsta
:D
-
ErCiccione[m]1
I'm at the point when i don't even think "let's wait for reviewers", but directly "let's wait for selsta" :P
-
ErCiccione[m]1
Maybe i will make a post or something to encourage contributions to the website. They already increased lately (even if sporadically), but i think we could do much more, especially on the reviewing side.
-
selsta
I saw a lot of people commenting but not approving
-
ErCiccione[m]1
Yeah, i don't know if they are just "shy" or they genuinely don't know they should approve. Maybe i should make the process clear in the readme if it's not already
-
ErCiccione[m]1
.merge+ #1051
-
xmr-pr
Added