On Thu, Aug 25, 2011 at 2:09 PM, Stew Benedict <[email protected]> wrote:
> On 08/24/2011 08:50 PM, Samuel Verschelde wrote:
>>
>> Hi,
>>
>> I was told that QA Team's work's visibility needs to be improved, so as a
>> team member I'll try to give you some sort of status report.
>
>> - 1 has been validated by QA one month ago, but was assigned to security
>> team following updates policy for security fixes, and got no answer. We
>> have to improve either the policy or the security team here (or both).
>
> Do you have a pointer to this bug? I'm not finding it in bugzilla. I'm not
> sure what I can do with it once assigned back to secteam, aside from write
> an advisory text. I don't have admin rights to release it, etc. (afaik). It
> was basically my understanding that the secteam role is to initiate the bug,
> provide patches, POC, and advisory text and the maintainer does the update
> and passes it on to QA. I've stopped even initiating because they are just
> sitting there in the new/unassigned state, some for 2 months or more now.
> While a shiny new KDE is nice, not pushing updates for published
> vulnerabilities makes us look bad, imho.

I agree on this point, and this is really something we need to improve quickly.
