On Sun, 09 Mar 2008, Moritz Muehlenhoff wrote: > If you're opening a ticket for a security problem which is publicly > known, e.g. if it's announced on the project web site, please open a > ticket in the "Security" queue. These issues will be visible > publicly.
Is there any particular reason why we're duplicating this information that should already be present in the bts as bugs with severity serious tagged security marked found in a version in stable in RT? If there are some change to the BTS needed for the security team to track the non-embargoed issues more easily, I'd be glad to make (or at the very least discuss) them. From where I sit it seems non-ideal for both the security team and maintainers (as well as anyone else who is interested) to put this information in a system which isn't tied in strongly with the BTS or otherwise is unable to track package versioning. Don Armstrong -- You could say to the Universe this is not /fair/. And the Universe would say: Oh it isn't? Sorry. -- Terry Pratchett _Soul Music_ p357 http://www.donarmstrong.com http://rzlab.ucr.edu