launchpad-dev team mailing list archive

Re: Managing disclosure mockups for testing

 

On Tue, 2010-11-09 at 07:44 +1300, Robert Collins wrote:
> """
> We will know this feature works when the canonical team is an observer
> of all Canonical-owned projects. All the employees can view the private
> bugs and branches without hunting someone down to create a
> subscription.
> """
> 
> Just for clarity - it's my (probably incorrect) understanding that due
> to the agreement with the CVE group, we can't disclose security bugs
> [in Ubuntu] to all staff, only to the nominated security contacts.
> 
> I may be very wrong, but felt I needed to confirm this.

This is the first I have heard of this requirement/restriction. This is
not a scary or contradictory change. security_related is a separate
flag on a bug that is managed separately from the private flag. I
imagine that something is very wrong if a public branch is linked to a
security bug. Maybe branches need a security_related flag too.


-- 
__Curtis C. Hovey_________
http://launchpad.net/
