launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] ~alvarocs/launchpad:feature/security_md_update into launchpad:master

To: mp+473581@xxxxxxxxxxxxxxxxxx
From: Alvaro Crespo Serrano <mp+473581@xxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Sep 2024 16:13:37 -0000
In-reply-to: <172684523004.3903508.17815847772128969235.codereview@juju-98d295-prod-launchpad-2>
Reply-to: mp+473581@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

> You might also include a short bit of information about what people can expect
> (e.g. "we'll review and get back to you" or "we'll review but won't respond").
> 
> It might also be possible to highlight what we might and might not consider to
> be security concerns, which could help us reduce the amount of false positives
> received. We could also add this later.
> 
> I think it might also be good to link to the Ubuntu Security disclosure and
> embargo policy: https://ubuntu.com/security/disclosure-policy

Added that we may consider getting back to them if needed. 

About the second point, I can add a section maybe called "What qualifies as a security vulnerability" but not sure what points to add in there.

The ubuntu security disclosure policy was already linked.
-- 
https://code.launchpad.net/~alvarocs/launchpad/+git/launchpad/+merge/473581
Your team Launchpad code reviewers is requested to review the proposed merge of ~alvarocs/launchpad:feature/security_md_update into launchpad:master.

References

Re: [Merge] ~alvarocs/launchpad:feature/security_md_update into launchpad:master
From: Clinton Fung, 2024-09-20