On 08/24/2011 08:50 PM, Samuel Verschelde wrote:
Hi,
I was told that QA Team's work's visibility needs to be improved, so as a team
member I'll try to give you some sort of status report.
- 1 has been validated by QA one month ago, but was assigned to security team
following updates policy for security fixes, and got not answer. We have to
improve either the policy or the security team here (or both).
Do you have a pointer to this bug? I'm not finding it in bugzilla. I'm
not sure what I can do with it once assigned back to secteam, aside from
write an advisory text. I don't have admin rights to release it, etc.
(afaik). It was basically my understanding that the secteam role is to
initiate the bug, provide patches, POC, and advisory text and the
maintainer do the update and pass it on to QA. I've stopped even
intiating because they are just sitting there in the new/unassigned
state. some for 2 months or more now. While a shiny new KDE is nice, not
pushing updates for published vulnerabilities makes us look bad, imho.
--
Stew Benedict
