[Gluster-Maintainers] Move out of bugzilla to github issues --> for everything...

Fri Feb 17 19:55:33 UTC 2017

On 02/17/2017 12:23 PM, Shyam wrote:
> On 02/15/2017 08:06 PM, Shyam wrote:
>> On 02/15/2017 04:27 PM, Amye Scavarda wrote:
>>> On Wed, Feb 8, 2017 at 11:04 AM, Shyam <srangana at redhat.com
>>> <mailto:srangana at redhat.com>> wrote:
>>> How does Github help a project with something like a zero-day issue that
>>> needs to be fixed but can't be public?
>>> Or other security issues?
>>
>> Does a security at gluster.org like list help here? People who are
>> reporting security vulnerabilities are also responsible not to make it
>> public (I think), so reaching out to a mailing list that is more
>> strictly controlled may help here?

Added misc, as he had some good observations in the bug report against 
infra [2] that was filed.

Currently security CVEs seem to reach us through here,
   RH Bugzilla: Product "Security response", Component "vulnerability"
   example: https://bugzilla.redhat.com/show_bug.cgi?id=1138145
   example: https://bugzilla.redhat.com/show_bug.cgi?id=1200927

I think the above does not change with this proposed move to gthub. Is 
there something I am missing?

>
> Here is another thought for the above and also for questions on "where
> will users upload logs/cores or any such data".
>
> Let's use bugzilla for security related bugs, this can be clarified in
> the issue template (see [1]).
>
> Let's also add to the template that a bug can be opened to attach issue
> related content and referenced in the issue and vice-verse. This is not
> an additional step in any case, as the user has to go to some site/place
> to upload the logs and point us to that when needed.
>
> Thoughts? This can be discussed in isolation of "are we going to github
> for bugs now?" discussion I hope :)
>
> Shyam
> [1] github issue and PR templates: https://review.gluster.org/16618
[2] BZ against Infra: https://bugzilla.redhat.com/show_bug.cgi?id=1423002