On Mon, 11 Jun 2007 14:55:43 -0400 Christopher Aillon <caillon@xxxxxxxxxx> wrote: > Kevin Fenzi wrote: > > - Should the filed bug have a CC to the list? I guess you mentioned > > this above. I think it's probibly a good idea so folks can see the > > progress of fixes. > > I don't think we want to do this. Imagine someone files a bug to us > with an embargo date of: future. Someone reading the list archives > could easily get that information and release it to the public ahead > of the embargo date. Essentially, by cc:ing a public list, we broke > the embargo ourselves. Agreed, to be avoided. Can't we simply not add CC to the bugs that are under an embargo? Or is there no simple way to tell? > We want to honor embargos as much as possible, so we can continue > being in good favor with those who give us advance notification. > Additionally, when we are planning to release something on a given > day, and it turns out to get leaked, we have to scramble much more > quickly. Not good for many reasons. Absolutely. At the same time, bugs that are public already I think it's good to see progress on the list/in bugzilla. We may spot cases where maintainers need help, want more info, or otherwise could use input from the security list. Just my 2cents tho... if it's decided not to CC the list thats fine too. kevin
Attachment:
signature.asc
Description: PGP signature
-- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
