How are security issues treated in UEFI anyway? Are they kept a secret forever or just for a specific time span?
A reason for keeping them a secret forever(while pushing unsuspicious fixes) probably would be the fact that most UEFI systems don't get updated. Thanks Michael On Tue, Aug 2, 2016 at 9:34 PM, Laszlo Ersek <[email protected]> wrote: > On 08/02/16 21:10, Kinney, Michael D wrote: > > Michael, > > > > I am open to suggestions on this topic. > > > > If there is a strong opinion that we need to protect specific fields > > from being modified, then we can look into updating the configuration. > > > > I think with Bugzilla change history and edk2-bugs mailing list, we can > > all see the changes to any issue, so even if someone does do an > > incorrect edit, I think we can put it back. > > Does "editbugs" include changing the product from "Tianocore Security > Issues" to something else, possibly exposing the security issue to the > world? > > Hm... It probably doesn't matter. If a security issue can be looked at > (which is a pre-requisite for the product field to be changed) by anyone > in the first place, then they can expose the contents to the world in > other ways too. :) > > So I think trusting all registered accounts with "editbugs" is a good > starting point too. > > Thanks > Laszlo > > > > *From:*Michael Zimmermann [mailto:[email protected]] > > *Sent:* Tuesday, August 2, 2016 11:57 AM > > *To:* Laszlo Ersek <[email protected]> > > *Cc:* Kinney, Michael D <[email protected]>; edk2-devel-01 > > <[email protected]> > > *Subject:* Re: [edk2] Tianocore Bugzilla Server is now live > > > > > > > > Is it just my account or does everybody have the permission > > "editbugs Can edit all bug fields"? > > > > > > > > It sounds like this is something only moderators should be able to do. > > > > > > > > Thanks > > > > Michael > > > > > > > > On Thu, Jul 21, 2016 at 8:43 PM, Laszlo Ersek <[email protected] > > <mailto:[email protected]>> wrote: > > > > On 07/21/16 20:07, Kinney, Michael D wrote: > > > Laszlo, > > > > > > Try again...it was disabled for a short period of time. > > > > Yes, it's working now. > > > > I'll let you know when I'm done with the clipboard "wizardry" and the > > occasional reformatting :) > > > > Thanks! > > Laszlo > > > > >> -----Original Message----- > > >> From: edk2-devel [mailto:[email protected] > > <mailto:[email protected]>] On Behalf Of Laszlo Ersek > > >> Sent: Thursday, July 21, 2016 10:33 AM > > >> To: Kinney, Michael D <[email protected] <mailto: > [email protected]>> > > >> Cc: edk2-devel-01 <[email protected] <mailto: > [email protected]>> > > >> Subject: Re: [edk2] Tianocore Bugzilla Server is now live > > >> > > >> On 07/21/16 19:05, Kinney, Michael D wrote: > > >>> Laszlo, > > >>> > > >>> Yes. We can hold off disabling GitHub. Let us know when you > are ready. > > >> > > >> Thank you! However, github is rejecting my new comments in the > browser > > >> tabs that I have open already, and it rejects my fresh requests > for > > >> issue URLs. > > >> > > >> Thanks, > > >> Laszlo > > > > _______________________________________________ > > edk2-devel mailing list > > [email protected] <mailto:[email protected]> > > https://lists.01.org/mailman/listinfo/edk2-devel > > > > > > > > _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
