Radar 46

[chadwhitacre]

What are you working on this week and why?

last week

[clone1018]

Payday on Thursday!

[chadwhitacre]

Roadmap (what?)

Short Term

Embarrassments:

• can't edit teams (Team Basics)
• not using immutable ids (https://github.com/gratipay/gratipay.com/issues/835)
• widgets are broken (https://github.com/gratipay/inside.gratipay.com/issues/389#issuecomment-153884921)
• escrow imprecision (https://github.com/gratipay/inside.gratipay.com/issues/389#issuecomment-153929881)
• no payroll! https://github.com/gratipay/gratipay.com/issues/3433
• Team and ~user pages are the same https://github.com/gratipay/gratipay.com/issues/3852

Long Term

Color code:

• red—external forces that we're under
• yellow—administration
• green—product development
• orange—marketing
• blue—capitalization

[chadwhitacre]

@clone1018 :-)

[chadwhitacre]

Seems that we are getting more HackerOne traffic now that we offer bounties (#369).

[chadwhitacre]

Most of the reports are low-quality and feel like a waste of time. :-(

[chadwhitacre]

@hurlothrumbo has discovered the illustrator of the cover of The Internet (#462, #472).

"Security"

An article for Computer Publishing Group discussed the different ways to keep the data on computers secure.

[chadwhitacre]

Inbox 2, GitHub 2, L2 Support 1, Vendors, etc. 0.

Gosh, now we're getting low-quality security reports on security@gratipay.com, which we haven't seen since starting HackerOne (#255). Sup with that?

[chadwhitacre]

Spent some time on grtp.co this morning (https://github.com/gratipay/grtp.co/pull/115, https://github.com/gratipay/grtp.co/pull/116). First French lesson in 20 minutes. Things on my mind after that:

• Team Review 21, especially https://github.com/gratipay/team-review/issues/156
• @brainwane's CoC feedback: https://github.com/gratipay/inside.gratipay.com/issues/499
• kicking off Uphold compliance for @rohitpaulk (https://github.com/gratipay/gratipay.com/issues/3870)
• checking on @mattbk's PR: https://github.com/gratipay/grtp.co/pull/112
• L2 Support 1
• https://github.com/gratipay/inside.gratipay.com/issues/487#issuecomment-180383958

[chadwhitacre]

Just handed out our first "Not Applicable" on HackerOne (-5 reputation). Not sure how else to discourage junk reports.

[chadwhitacre]

Aaaaaaand now we're looking at splitting Aspen out into a separate org: https://github.com/gratipay/aspen.py/issues/547. :eyes:

[chadwhitacre]

https://github.com/AspenWeb!

[mattbk]

L1 Support 0.

[chadwhitacre]

Inbox 2, GitHub 3, L2 Support 0, Vendors, etc. 0.

Security 16.

[chadwhitacre]

Hmmm ... merge commits are a little goofy coming from security (e.g.) since the PR numbers are off in the comment.

@rohitpaulk et al. Should we land security PRs via squash-and-rebase (as currently specified), or are we okay with merge commits? Merge commits are definitely easier under GitHub.

[chadwhitacre]

Merge commits are definitely easier under GitHub.

And they're what we use otherwise.

[chadwhitacre]

PR for merge commits for security: https://github.com/gratipay/inside.gratipay.com/pull/505.

[chadwhitacre]

Security 14.

[chadwhitacre]

Inbox 3, GitHub 2, L2 Support 0, Vendors, etc. 0.

[chadwhitacre]

Security 18!

[clone1018]

@whit537 is this all just automated hackerone spam?

[chadwhitacre]

No, it's not automated spam. HackerOne doesn't seem to have a listing of our publicly disclosed tickets, but all the ones so far are linked at https://github.com/gratipay/inside.gratipay.com/issues/506#issuecomment-185535229. This is kind of annoying but ultimately I think it's really healthy for us. Most of this stuff is like shaving and brushing your teeth, but we've seen a couple more serious issues so far, and staying on top of the little stuff is good practice to prevent bigger stuff from cropping up.

[chadwhitacre]

The email will be sent to the customer and will be logged as a ticket without triggering any notifications. Learn more.

Yesssssss! I've wanted this feature. !m @Freshdesk

cc: @mattbk

[chadwhitacre]

Email (what?)