On Thu, 20 Jan 2011, Ian Jackson wrote:
Stefan Fritsch writes ("Re: security updates introducing breakage"):Ack. There is no automatic way the security team is notified of such bugs. Please CC us in such cases.Would it be worth defining a [user]tag of some kind that would allow this kind of thing to be dealt automatically ?
If reportbug asked if the bug was a regression introduced in a security update or stable point update, and then CCed the relevant teams, that would be nice, IMHO.
An alternative would be to look for bugs which are "fixed" in the previous version but "found" in the update, and ask submitters of regressions to mark the bug as "fixed" in the previous working version.
This probably also amounts to reportbug asking if the bug is a regression and then marking the bug as such. If this can be done without the submitter having to know about the BTS's version tracking, this would be ok, too.