Kevin Fenzi wrote:
- Should the filed bug have a CC to the list? I guess you mentioned
this above. I think it's probibly a good idea so folks can see the
progress of fixes.
I don't think we want to do this. Imagine someone files a bug to us
with an embargo date of: future. Someone reading the list archives
could easily get that information and release it to the public ahead of
the embargo date. Essentially, by cc:ing a public list, we broke the
embargo ourselves.
We want to honor embargos as much as possible, so we can continue being
in good favor with those who give us advance notification.
Additionally, when we are planning to release something on a given day,
and it turns out to get leaked, we have to scramble much more quickly.
Not good for many reasons.
--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
