From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <fche@elastic.org>
Received: from elastic.org (elastic.org [IPv6:2600:3c03::f03c:91ff:fe50:73f])
 by sourceware.org (Postfix) with ESMTPS id AA48E3854817
 for <overseers@sourceware.org>; Mon,  4 Jan 2021 17:50:50 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org AA48E3854817
Received: from vpn-home.elastic.org ([10.0.0.2] helo=elastic.org)
 by elastic.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 (Exim 4.94) (envelope-from <fche@elastic.org>)
 id 1kwU0I-0006K8-4Z; Mon, 04 Jan 2021 17:50:50 +0000
Received: from very.elastic.org ([192.168.1.1])
 by elastic.org with esmtp (Exim 4.94)
 (envelope-from <fche@elastic.org>)
 id 1kwU0H-000UpE-Em; Mon, 04 Jan 2021 12:50:49 -0500
Received: from fche by very.elastic.org with local (Exim 4.94)
 (envelope-from <fche@very.elastic.org>)
 id 1kwU0H-007hU7-7R; Mon, 04 Jan 2021 12:50:49 -0500
Date: Mon, 4 Jan 2021 12:50:49 -0500
From: "Frank Ch. Eigler" <fche@elastic.org>
To: Overseers mailing list <overseers@sourceware.org>
Cc: Jeff Law <law@redhat.com>, Salah Mosbah <salahbughunter@gmail.com>,
 overseers@gcc.gnu.org, gcc@gcc.gnu.org, janus@gcc.gnu.org, jself@gnu.org
Subject: Re: Security vulnerabilities affects core API authorization of gnu.org
Message-ID: <20210104175049.GD1662332@elastic.org>
References: <CAFEc1FcNApb65M6D6aVi=qZ6OiQ64QPGfTA558POYvS55uV=dA@mail.gmail.com>
 <ac9ccc21-c01a-a503-a598-e009e30bf4e7@redhat.com>
 <CAFEc1Fc4XUn7udO3024NNSxqU+VA1sXVFjxui9Y2s-0rhY1KBw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAFEc1Fc4XUn7udO3024NNSxqU+VA1sXVFjxui9Y2s-0rhY1KBw@mail.gmail.com>
X-Sender-Verification: ""
X-Sender-Verification: ""
X-Spam-Status: No, score=-102.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_SBL_CSS, SPF_HELO_PASS,
 SPF_PASS, TXREP, USER_IN_WELCOMELIST,
 USER_IN_WHITELIST autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: overseers@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Overseers mailing list <overseers.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/overseers>,
 <mailto:overseers-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/overseers/>
List-Post: <mailto:overseers@sourceware.org>
List-Help: <mailto:overseers-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/overseers>,
 <mailto:overseers-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2021 17:50:52 -0000

Hi -

> Does gnu.org has a bug bounty program or reporting bugs reward policy?

You are not talking to gnu.org, you are talking to gcc.gnu.org admins.
Maybe see webmasters@gnu.org.
I am not aware of any sort of bug bounty in either site.

- FChE