On Thu, Oct 28, 2010 at 6:18 AM, Thiago Macieira <[email protected]> wrote:
> On Thursday, 28 de October de 2010 05:44:09 Bradley Smith wrote: > > You need to be presenting a darn good reason why bugs are not being > > shown to everyone. > > Usually that reason is "security issue" or "customer sensitive > information". > > But like you said, there should be a way to request access for people who > need > to know. > > There are a number of bugs in the MeeGo Bugzilla that are restricted specifically to the security group. They remain closed to only the security group, the bug submitter and the cc list until a fix for the security issue is available. Once a fix is available, the bug is made public. The reason for this is that until a fix is in place, the bug is essentially a map on how to exploit a MeeGo system. We also have commitments to keep certain bugs embargoed until a fix is available for the majority of Linux distributions. While I strongly appreciate the need for access of information in an open project like this (and I try to error on the side of the community), this is also best practices as followed by all the leading Linux distributions. If anyone here feels that they need access to a specific security related bug, please send me an email and I will evaluate and see what we can do. Thanks, Ryan
_______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
