This was originally posted in the lounge section, but on the advice of @Shawn I have moved it to a more general section. Sorry for the length of the post; it is a few posts meshed into one.
Message 1:
Hi,
I would like to see if I can do anything to help. I have recently found myself in a position where I have got a sabbatical from work, still have the finer details to work out. I just found and brokered 2 exploits, so my return to work might be delayed longer.
I now have 2 - 3 months with an extra 6 hrs or so a day. I plan on picking up stealth2000’s FPGA project and finishing it, showing how and why it has issues (but that is a hobby), then making a hardware wallet out of it and maybe putting some physical protection on it. It is a nice little device with some interesting functionality.
I’m offering to work part time (16 hrs a week) for free, to zcash co.
I specialise in testing, specifically automation and cryptography (CBC, etc). I used to run the bitcoin testing project (Hi Gavin!) but that never really got off the ground due to bettermeans.com going down, and just general lack of interest.
I don’t want to be on the dev team, I am not trying to be your friends, I have some very specialised skills (writing production standard code is not one of them). I am a tester/RCE kinda guy - you makes it, I breaks it. I am offering my skills for free.
This generated some really useful links from Gareth Davies.
After a few weeks and going through all I could find on GitHub that seemed relevant, I added this message:
Hi all,
This is not a rant, it might seem a little rant like, but I am frustrated, not mad.
So far I have been making a decent testnet and some testcases (mainly just corner cases at the moment, like boundaries, equivalences, critical path, etc.).
I am using a wiki so I can coordinate my efforts without shitting up the dev list (devs seem to get pretty upset when testers have lots of basic questions, I can’t really blame them. I just don’t want to rock the boat.) - if you want to come have a look, shoot me a msg. It is quite empty at the moment.
On Windows I am currently creating a testing harness in I am not sure if I should ditch this and move to Debian. (The harness is in Perl tho.)
I may just be blind or looking in the wrong place (I’m not that good with GitHub), but where are the testcases, smoke, unit, UI, build, platform, etc.? Are these internal only? If they are, may I please have some kind of read only access to the non vuln bugs? I’m writing up bugs and testcases in MantisBT and it just feels like I’m repeating stuff. (But for my projects I use Mantis and DokuWiki, they integrate really well.)
One last issue, as a ‘zcash development outsider’ I am finding it very hard to verify bugfixes. There are little to no steps to reproduce, little to no observed behaviour, little to no expected behaviour and no other tests that would be edge cases for the fix. (links to the bug via testcase software, or related bugs or even just the testcase that failed.)
Is there a person who is in charge of test who I can communicate about this with? I have no problem signing NDAs.
Thanks