https://bugs.kde.org/show_bug.cgi?id=459841
Bug ID: 459841
Summary: Should users report KDE security bugs by using the
"security" product or by email?
Classification: Websites
Product: bugs.kde.org
Version: unspecified
Platform: Other
OS: Other
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Target Milestone: ---
SUMMARY
When opening a new bug on KDE bugtracker, after picking "Miscellaneous" ("KDE
software that doesn't fit into any of the above groups") on the first page,
there is a "security" product which can be chosen. Its description is "security
bugs that should stay private".
However, according to the bug reporting instructions [1], the user should
report security issues by email.
EXPECTED RESULT
If users should report security issues only by email (i.e. the "security"
product is reserved), the "security" product should be hidden on the bug
product picker page (or its description can be updated to alert users, if it
cannot be hidden).
If users can also use the bugtracker for security issues, maybe it should have
its own classification rather than being under the "Miscellaneous"
classification. Otherwise, users may not know that they can use the "security"
product to make the bug private.
[1]
https://community.kde.org/Get_Involved/Issue_Reporting#Step_0:_Is_it_a_security_issue.3F
--
You are receiving this mail because:
You are watching all bug changes.
