08:06:24 Netlify reduced their Pro plans from 45$/month to 19$/month -_-. Are we still paying 45$ or they reduced for "old" customers too? 08:06:26 fluffypony ^ 08:06:36 let me login and check 08:12:01 Would be annoying if we are still paying 45 08:13:10 so it says that we paid $45 for the current period 08:13:15 doesn't indicate what we'll pay for the next 08:13:33 I changed our plan to the Pro plan @ $19 (so no real change, but hopefully it'll trigger a billing adjustment) 08:22:58 interesting 08:23:17 so based on the receipt they sent they were planning on just keeping us on the "legacy" $45 plan 08:23:19 sneaky 08:24:26 https://imgur.com/a/ZzeaDAb 08:25:12 so appears to be sorted by me switching to the Pro plan again 08:28:30 Classic. Good that it's sorted out. Thanks for looking it up 13:45:38 -xmr-pr- erciccione opened pull request #1105: FAQ: add section to 'How can I get Monero?' 13:45:38 -xmr-pr- > https://github.com/monero-project/monero-site/pull/1105 15:37:22 Can we add a page to the site for hosting audit results? 15:37:40 The CLSAG report is ready to be posted (in coordination with OSTIF's release), and we also have the BP and RandomX audits 15:37:52 good idea 15:37:52 Makes sense IMO to have a central "security" location for this or something 15:38:36 Unfortunately I can't provide the audit report publicly until the coordinated date, as a courtesy to OSTIF, who helped coordinate the process and also plan their own post about it 15:39:26 I don't want to scope creep, but maybe that page is also a good location for posting links to HackerOne for security reports 15:39:59 If you see a page marked "security" I think that makes sense 15:40:19 can you describe "security" location? 15:40:36 I thought just a place where we link to all audits, don’t understand the security part 15:40:48 Eh, it was just a thought 15:40:54 Whatever makes the most sense 15:41:03 But certainly at least all the audit reports in one easy location 15:41:26 Would it make sense to be under Resources -> Audits? 15:42:16 ah you meant naming the page security 15:42:24 thought you were talking about some extra security folder 15:42:33 Yeah 15:42:43 Oh there's already a vulnerability response link at the very top 15:45:29 What's the most clear name for this? 15:46:22 audits IMO 15:46:44 "audits" or "security audits"? 15:46:47 did we ever have h1 security reports? 15:47:01 How so? 15:47:34 ah so meant linking the existing reports :) 15:47:41 kinda confused with wordings today 15:47:48 I don't think there's a formal process after remediation in every case, but I am not sure how that works with H1 policy and reporter consent etc. 15:48:20 that's a better question for someone like moneromooo 15:48:44 I know a fair number of reports turn out to be misunderstandings or otherwise don't require any fixes 15:49:04 some reports also declined public disclosure 15:50:41 Well, any actual fixes could themselves be reported anyway, right? 15:50:51 Just perhaps not details of conversations with the reporters on H1? 15:51:03 Obviously commits are public 15:51:36 I think a broader "security" tag for audits and related posts makes sense imo 15:51:53 I'd like to have a general "How Monero takes security seriously" post 15:54:00 I was thinking a totally separate page 15:54:08 Do you think they fit better as a blog section? 15:54:29 The documents should be hosted on getmonero for reliable distributed storage on the repo 15:55:40 I don't recall where the RandomX audit reports got hosted 15:55:48 The BP audits are on the old research-lab repo 15:56:03 and the CLSAG report isn't hosted anywhere yet 15:56:22 randomx is on github too (randomx repo) 15:58:23 Makes sense :) 15:58:37 Might as well host on getmonero to avoid future dead links 15:58:47 The reports won't change 16:02:37 sgtm 16:05:46 Anyway: new page or blog section? 16:06:53 i would prefer new page 16:07:29 Sure 16:28:04 What would be the formats of these audits sarang? simple markdown pages? 16:29:16 I don't actually like the idea of separate pages. Complicates the site further. Why not have a filter for the blog? 16:29:49 back-date the old reports 16:30:13 anonimal wrote up some reports. He seems gone for a while now. 16:30:30 I have to say i'm not a big fan of a separate page either. The website is already kinda clogged. Maybe there could be a section in the MRL page 16:30:31 H1 can set bugs public, so linking to them should be enough maybe. 16:30:32 for the VRP, yeah 16:32:35 *maybe* we can replace the "Vulnerability Response" link with a link to a page about security, which would contain the VRP process, audit reports, and stuff like that. maybe. but that's higher effort 16:33:08 the blog already has tags 16:33:34 and from the drop down menu you're effectively choosing a tag and then viewing all the posts with that tag 16:33:49 oh it's tabs now, not drop down 16:34:12 eg. https://www.getmonero.org/blog/tags/urgent.html 16:34:52 so I fully support sgp_'s idea of just having blog posts, back-dated and tagged 16:35:16 there may be some overlap with "urgent" and "security" 16:36:18 Actually replacing the "vulnerability response" with a dedicated "security" section could be a good idea. No problem for me to do it. 16:36:40 sgp_: posts can have multiple tags 16:36:46 so they can appear under both 16:37:15 I'm thinking that we rename "popular tags" to "other tags" and include the other ones there that aren't at the top, like security 16:37:49 I don't like that popular tags thing anyway. Thinking about how to replace it for some time 16:37:53 ErCiccione[m]1: I see that as a separate, related project 16:37:59 we used to add a lot of tags to posts 16:37:59 https://raw.githubusercontent.com/monero-project/monero-site/master/_posts/2014-06-18-monero-missive-for-the-week-of-2014-06-16.md 16:38:00 tags: [monero missives, exchanges, research, usability, gui] 16:41:58 The problem i see with changin "popular tags" to "other tags" is that nobody will ever click on the "other tags" 16:44:48 Yeah, more i think about it more having a "security" page replacing the simple link to github in "Vulnerability Response" sounds like a good idea 16:46:25 What's the format of the audits usually? 16:59:40 PDF 17:15:59 Then yeah, a security page on top would be best. The blog post would be simply saying "hey, we had audits, here is the link". When we could just have a nice list easily borwsable 17:30:38 -xmr-pr- selsta opened pull request #1106: what-is-monero: fix video in Safari 17:30:38 -xmr-pr- > https://github.com/monero-project/monero-site/pull/1106 17:35:07 .merge+ #1106 17:35:07 Added 17:38:15 .merge+ #1072 #937 #982 #1042 17:38:16 Added 17:38:54 thanks for reviewing all that old stuff selsta, i was about to lose hope 😛 jk 17:40:11 But seriously, would love to see more people reviewing stuff 17:42:14 :D 17:44:33 I'm at the point when i don't even think "let's wait for reviewers", but directly "let's wait for selsta" :P 17:48:07 Maybe i will make a post or something to encourage contributions to the website. They already increased lately (even if sporadically), but i think we could do much more, especially on the reviewing side. 17:50:13 I saw a lot of people commenting but not approving 18:00:36 Yeah, i don't know if they are just "shy" or they genuinely don't know they should approve. Maybe i should make the process clear in the readme if it's not already 18:56:40 .merge+ #1051 18:56:40 Added