On Wed, Nov 27, 2013 at 09:32:20PM +0100, Křištof Želechovski wrote:
Dnia czwartek, 21 listopada 2013 16:12:35 Dominique Leuenberger a.k.a. Dimstar pisze:
So as a consequence I can no longer submit a security fix to address a 'non-public vulnurability' before opening the bug and making it public? :)
Submitting a security fix makes the bug public anyway because the fix tells you where the bug is. This is even true for closed-source binaries.
FWIW, we do not assign embargoed security bugs to non-SUSE packagers, as reporters usually implicitely assume it won't leave SUSE. After the embargo ends the bugs are opened and community packagers assigned or cced. Also submitting embargoed fixes is not done on OBS before end of embargo currently. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org