On Tue, 2010-11-09 at 07:44 +1300, Robert Collins wrote: > """ > We will know this feature woks when the canonical team is an observer > of > all Canonical-owned projects. All the employees can view the private > bugs and branches without hunting someone down to create a > subscription. > """ > > Just for clarity - its my (probably incorrect) understanding that due > to the agreement with the CVE group, we can't disclose security bugs > [in ubuntu] to all staff, only to the nominated security contacts. > > I may be very wrong, but felt I needed to confirm this.
This is the first I have heard of this requirement/restriction. This is not a scary or contradictory change. security_related is a is a separate a flag on a bug that is managed separately from the private flag, I image that something is very wrong if a public branch is linked to a security bug. Maybe branches need a security_related flag too. -- __Curtis C. Hovey_________ http://launchpad.net/
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
