Mailinglist Archive: opensuse-packaging (174 mails)

< Previous Next >
Re: [opensuse-packaging] factory-auto will start checking bnc# visibility
On Wed, Nov 27, 2013 at 09:32:20PM +0100, Křištof Želechovski wrote:
Dnia czwartek, 21 listopada 2013 16:12:35 Dominique Leuenberger a.k.a.

So as a consequence I can no longer submit a security fix to address a
'non-public vulnurability' before opening the bug and making it
public? :)

Submitting a security fix makes the bug public anyway because the fix tells
you where the bug is. This is even true for closed-source binaries.

we do not assign embargoed security bugs to non-SUSE packagers, as reporters
usually implicitely assume it won't leave SUSE.

After the embargo ends the bugs are opened and community packagers assigned
or cced.

Also submitting embargoed fixes is not done on OBS before end of embargo

Ciao, Marcus
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >