On Tue, 24 May 2011, Christiaan Welvaart wrote: > On Tue, 24 May 2011, Michael Scherer wrote: > >> I would keep this as a update after the release is out ( like they 4 >> ruby cve, libzip one ( CVE-2011-0421 )) and others that came out since >> yesterday. >> >> So maybe we could open bugs for this ? > >> There is 2 proposal : >> - filling them on security, and have a saved search > > What do you mean by that, a security product?
There is a component "Security" on bugzilla. > >> - creating a tracker bug >> >> I would be in favor of the tracker bug : >> - you can subscribe to it >> - it will be clearer ( as bugfixes are not security so we may miss some >> update to do ) >> - it doesn't pollute the list of saved search >> >> But as pascal said, a tracker bug requires that each bug to be linked to >> it, which is manual and error prone. > > I don't know much about bugzilla, but: > - Add a keyword 'security' to all security bugs. > (also manual and error prone?) We already have a security component. Would a keyword instead of a component be better for this ? It is also manual, but a keywork is easier to remember than a tracker bug number. Maybe we can also think about a mailing list to receive all security bugs.
