On 8/22/12 7:23 PM, Ehsan Akhgari wrote: > Is there going to be a triage of the approved but unfixed bugs? I'm > worried that we might miss bugs which are waiting for approval for a > few weeks in some cases (such as if the developer goes on vacation, > for example.)
That's a good idea and we can definitely do that. > Also, there is a chance that a patch will bitrot if it waits for > approval for a few weeks. Are we planning to include enough time for > people to potentially fix up their patches against the recent changes, > get try server results, etc.? This is a human driven process. So, if someone says, "Oh, you gave me approval but my patch is out of date now, can I take a week to update it?", I don't think any rational person involved (like me) is going to say that you cannot do so. This isn't a stick with which to hit people. The overall goal is simply to avoid accidental exposure of security issues before their time, so we can shepherd when things go in a bit better. I think it will wind up being relatively flexible and straightforward for folks. Al -- Program Manager Mozilla Security Team _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
