On 12/01/2011 08:39 AM, Matthew Revell wrote: >> Right now, only people who can see the security bug can remove its >> security status, right? What happens in a world where we have >> disclosed (i.e. public) security bug reports? Who gets to remove the >> security status/tag?
Right now, anyone who is subscribed to a bug can toggle the security and privacy states. Right now, there are about 4000 public security bugs. It is common to make security bugs public when the fix is available. Lp's UI does not make the current practice clear. > To clarify: I think it should still be the security team, even if the > security bug is public. No user has ever reported a bug suggesting a restriction of who can change the status. -- Curtis Hovey http://launchpad.net/~sinzui
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : launchpad-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
