On Thu, Sep 8, 2022 at 6:17 AM Petr Pisar <ppisar@xxxxxxxxxx> wrote:
>
> On Thu, Sep 08, 2022 at 01:06:17AM +0200, Kevin Kofler via devel wrote:
> > Maxwell G via devel wrote:
> > > I don't think Fedora packagers should be CCed on these global trackers.
> >
> > The problem is that, as it stands, those global trackers are the only place
> > that actually explains (usually in one paragraph) what the security issue
> > actually is. The [fedora-all] trackers are pretty useless considering that
> > they contain no information whatsoever beyond the subject line. (Their only
> > relevant content is the state, mainly whether they are open or closed.)
> >
> [fedora-all] bugs link to the vulnerability tracker with Bugzilla
> dependencies. For me it's pretty obvious where to find the details. If it's
> not obvious for others, then an additional sentence in the [fedora-all]
> description text ("More details about this vulnerability are in bug #NNN")
> could help.
>

Fedora maintainers are CC'd often on the parent bug to bypass the private bug status while a bug is "under development". This has happened a few times for me as a maintainer of crypto-adjacent packages.

But yeah, some of it is definitely not right and last year I got spammed with so much that Gmail started rate limiting me. I had to turn several lists into digest mode to go back under.

--
真実はいつも一つ!/ Always, there's only one truth!