List: kde-devel
Subject: Proper security-related issue handling on bugs.kde.org
From: Richard Hartmann <richih.mailinglist () gmail ! com>
Date: 2010-05-14 8:39:05
Message-ID: AANLkTinKqW109b0A9Uwpk3clexgawpITNpw5gkHfer4d () mail ! gmail ! com
-=PLEASE KEEP ME CC'ed ON THIS THREAD=-
Hi all,
as per security policy[1], the only way to handle security-related
issues is to send email to security@kde.org. The reasoning behind this
is, of course, that these issues should be handled quietly.
Yet, when an issue is already on bugs.kde.org, there is no readily
apparent way of making the security team aware of this issue. Obviously,
one can simply CC this list, which I just did for [2] and [3], but I
would argue that this is not intuitive at all.
At the least, I would suggest that [4] is updated to mention security
for Major or Critical.
Ideally, there would be an extra severity and/or an extra field to
mark security-related issues as such.
Thanks,
Richard
PS: As a reminder, please keep me CC'ed. I would really like to follow
this discussion. Alternatively, keep this discussion to kde-devel, not
security@. I am cross-posting because I really don't know where to send
this.
[1] http://kde.org/info/security/policy.php
[2] https://bugs.kde.org/show_bug.cgi?id=171608
[3] https://bugs.kde.org/show_bug.cgi?id=233104
[4] https://bugs.kde.org/page.cgi?id=fields.html#bug_severity