[Gluster-Maintainers] Move out of bugzilla to github issues --> for everything...
Shyam
srangana at redhat.com
Fri Feb 17 17:23:02 UTC 2017
On 02/15/2017 08:06 PM, Shyam wrote:
> On 02/15/2017 04:27 PM, Amye Scavarda wrote:
>> On Wed, Feb 8, 2017 at 11:04 AM, Shyam <srangana at redhat.com
>> <mailto:srangana at redhat.com>> wrote:
>> How does Github help a project with something like a zero-day issue that
>> needs to be fixed but can't be public?
>> Or other security issues?
>
> Does a security at gluster.org like list help here? People who are
> reporting security vulnerabilities are also responsible not to make it
> public (I think), so reaching out to a mailing list that is more
> strictly controlled may help here?
Here is another thought for the above and also for questions on "where
will users upload logs/cores or any such data".
Let's use bugzilla for security related bugs, this can be clarified in
the issue template (see [1]).
Let's also add to the template that a bug can be opened to attach issue
related content and referenced in the issue and vice-verse. This is not
an additional step in any case, as the user has to go to some site/place
to upload the logs and point us to that when needed.
Thoughts? This can be discussed in isolation of "are we going to github
for bugs now?" discussion I hope :)
Shyam
[1] github issue and PR templates: https://review.gluster.org/16618
More information about the maintainers
mailing list