Mailinglist Archive: opensuse-factory (536 mails)

Re: [opensuse-factory] Opening private bugs
  • From: Michal Kubecek <mkubecek@xxxxxxx>
  • Date: Tue, 29 May 2018 11:12:08 +0200
  • Message-id: <2759661.3DzsIUSkPr@alaris>
On Tuesday, 29 May 2018 10:39 Richard Brown wrote:
> On 29 May 2018 at 08:36, Michal Kubecek <mkubecek@xxxxxxx> wrote:
> > Embargoed security bugs are actually not that much of a problem. As
> > security bugs are public by default, even embargoed ones are bound to
> > become public eventually so that involved people (should) keep that
> > in mind from the start and (should) think about which comment or
> > attachment should be private and which not.
>
> Well yes, not a problem from your perspective, but from a non-SUSE
> contributor's perspective there is no way of knowing that a private bug
> is private because it's a security bug or a normal product bug

Security bugs are public by default. The only exception should be
embargoed ones but those are only private until the embargo is lifted -
and before that they shouldn't be referenced anywhere in public (not
even in OBS). In theory, it might be possible to have updated packages
released before security team clears the flag in bugzilla but it's very
unlikely.

Michal Kubecek

