Fedora 8 security flaws in Bugzilla

Kevin Fenzi kevin at tummy.com
Wed Aug 29 19:41:01 UTC 2007


On Wed, 29 Aug 2007 18:02:21 +0200
Lubomir Kundrak <lkundrak at redhat.com> wrote:

> On Wed, 2007-08-29 at 10:40 -0500, Jason L Tibbitts III wrote:
> > >>>>> "LK" == Lubomir Kundrak <lkundrak at redhat.com> writes:
> > 
> > LK> Or are we going to handle that in another way? SFM?
> > 
> > If the problem is bodhi closing bugs that may need to remain open to
> > track the issue in different branches, wouldn't it be far simpler
> > for bodhi to grow the option to just not close referenced tickets?
> > That way we could record information about which branches have been
> > fixed in a freeform manner and not push a ton of flags or cloned
> > tickets.
> 
> If we went the flags way, it would imply modification similar to this
> to Bodhi.

So there would need to be a flag for each supported release?
Not sure if Bugzilla can handle that. I seem to remember that the
number of flags that can exist was limited.

If, however, it can do this, that might be a nice way to track things...

Also, it would be nice if we added an alias for the CVE for a bug... so
we could go to https://bugzilla.redhat.com/CVE-2007-NNNNN and get the
bug. 

There was discussion about having someone from the security team ack
'Security' marked bugs in Bodhi before they are pushed out. If we get
that in place, we could just have that person close the bug, rather
than have Bodhi do so.

kevin