[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the Security Team

On Sun, 09 Mar 2008, Moritz Muehlenhoff wrote:
> If you're opening a ticket for a security problem which is publicly
> known, e.g. if it's announced on the project web site, please open a
> ticket in the "Security" queue. These issues will be visible
> publicly.

Is there any particular reason why we're duplicating this information
that should already be present in the bts as bugs with severity
serious tagged security marked found in a version in stable in RT?

If there are some change to the BTS needed for the security team to
track the non-embargoed issues more easily, I'd be glad to make (or at
the very least discuss) them.

From where I sit it seems non-ideal for both the security team and
maintainers (as well as anyone else who is interested) to put this
information in a system which isn't tied in strongly with the BTS or
otherwise is unable to track package versioning.

Don Armstrong

You could say to the Universe this is not /fair/. And the Universe
would say: Oh it isn't? Sorry.
 -- Terry Pratchett _Soul Music_ p357

http://www.donarmstrong.com              http://rzlab.ucr.edu

Reply to: