Re: Bits from the Security Team
On Sun, 09 Mar 2008, Moritz Muehlenhoff wrote:
> If you're opening a ticket for a security problem which is publicly
> known, e.g. if it's announced on the project web site, please open a
> ticket in the "Security" queue. These issues will be visible
Is there any particular reason why we're duplicating this information
that should already be present in the bts as bugs with severity
serious tagged security marked found in a version in stable in RT?
If there are some change to the BTS needed for the security team to
track the non-embargoed issues more easily, I'd be glad to make (or at
the very least discuss) them.
From where I sit it seems non-ideal for both the security team and
maintainers (as well as anyone else who is interested) to put this
information in a system which isn't tied in strongly with the BTS or
otherwise is unable to track package versioning.
You could say to the Universe this is not /fair/. And the Universe
would say: Oh it isn't? Sorry.
-- Terry Pratchett _Soul Music_ p357