On Wed, Jun 10, 2026 at 06:28:34AM -0400, Michael S. Tsirkin wrote: > On Thu, Jun 04, 2026 at 05:50:45PM +0100, Daniel P. Berrangé wrote: > > I previously raised the idea of using GitLab issues for security > > disclosures: > > > > https://lists.gnu.org/archive/html/qemu-devel/2026-05/msg04582.html > > > Thanks a lot for posting this! > > Do we want a special > > .gitlab/issue_templates/security_bug.md > > For this? > > It can include guidance in a friendly way.
I'm on the fence about that. I was coming at this from the POV that security issue disclosure and triage is effectively identical to normal bug disclosure & triage. The only difference is that a security issue is initially "confidential" until a maintainer has sanity checked its severity. I don't think we need to prompt for different types of information from the user, and even if we did, it seems like we'll probably just get the structured markdown doc the LLM spits out that people have been emailing us. Maybe it is sufficient to just link to the security.html page from the existing issue template. With regards, Daniel -- |: https://berrange.com ~~ https://hachyderm.io/@berrange :| |: https://libvirt.org ~~ https://entangle-photo.org :| |: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|
