>>>>> "Mark" == Mark Wielaard <mark@xxxxxxxxx> writes: Mark> Maybe Andrew (one of the gcc bug-masters) can advise us on when to add a Mark> new keyword and when to use meta-bugs. How do other projects handle Mark> security issues/bug reports in their issue trackers? Often serious security issues aren't filed at all, but instead the maintainers are contacted privately, and the fixes are embargoed until a certain date. I thought this question was more about "security" in the sense of "bugs we know of in our security code", not "security flaws requiring a quick turnaround". Tom