On Wed, Oct 26, 2022 at 12:33 PM Suhaib Mujahid <[email protected]> wrote:
> When a bug is closed as a duplicate of another bug, the duplicate bug
> could be showing a different view/effect of the same defect. Thus, their
> severity could be different.

As a special case of this, security bugs should NOT be marked as a duplicate of a non-security bug. In most cases the security bug should be left open and made to "depend on" the non-security bug. Please leave a note in the whiteboard of the security bug along the lines of "will be fixed by XXX", and mark the security bug "FIXED" when its blocking bug is.

The separate security bug is a trigger that reminds us to:

- verify the security issue is really fixed
- write advisories when the time comes
- track bug bounties when applicable

-Dan Veditz
