2018-02-08 Engineering Meeting

Date/Time: 2018-02-08 @ 14:00 UTC / 09:00 EST / 22:00 HKT
Length: 45 minutes
Meeting link: https://zoom.us/j/416493133


Hackerone Process


We have a security vulnerability bounty program at Hackerone.

Our current process works something like this:

@aaron triages new reports and addresses the issues himself if they’re in packages where he’s best suited to addressing them. Otherwise he’ll usually reach out to the team member that is best suited to addressing the vulnerability.

Once the vulnerability is addressed, that person makes a comment on the Hackerone report and @aaron awards the bounty.

Desired Outcome

Answers to:

  • Should we pause the program for a while?
  • If not, should we redefine/reduce the scope of the program?
  • Who is responsible for these reports currently?
  • Who should be responsible for these reports going forward?

Please reply to this forum post with items you would like included on the agenda.

Each item should include:

  • Item name
  • Background information: Links to github issues, forum posts, etc with background information on the item
  • Desired outcome: what decision or deliverable would you like from the discussion of this topic at the meeting?

We’ll save ~10 minutes or so for community questions or comments at the end of the meeting.

I’ll turn proposed items into an agenda prior to the the meeting.

@larry, meeting ID say invlaid and not able to join in zoom.

Engineering meeting notes


  • ken
  • aaron
  • jack
  • muneeb
  • chase
  • jude
  • pj

Meeting logistics

Settings on our engineering meeting got changed in the zoom account which caused a delay in meeting start. The core team members on the call indicated that they’ve all had trouble with the shared zoom accounts and having to use appear.in or alternates for ad hoc meetings and running into video quality issues.

Action item: suggest that all team members be provided with their own zoom account https://github.com/blockstackinc/operations/issues/184


@aaron is the primary person currently response for our hackerone program
He generally pings the person best situated to handle a bug.

Recently, Hackerone introduced new features with SLAs about how fast you’re supposed to respond which is why we received a notice that we weren’t responding quickly enough.

Action items:

Gaia app developers pain points

App developers are having trouble debugging apps because of lack of user data.

Possible approaches:

  • Ability to dumping storage and easily share with develop
  • Better suggestions on how to work with client side error management

App developers are having trouble applying their existing design patterns to Blockstack

Possible approaches:

  • Documentation about different storage design patterns
  • Developer tools for storage
  • Examples

Action items:

  • Documentation & Specs in the next sprint