Alan Coopersmith wrote:
> Gary Winiger wrote:
>>> Thanks Gary! Is there an official bugid on sunsolve to track this?
>>
>> Not being a field agent I'm not sure how bugs are tracked on
>> sunsolve.
>
> Sadly, anything marked as a security bug is explicitly excluded from
> sunsolve,
> as well as bugs.opensolaris.org. Perhaps we should create a
> "security-open"
> keyword for bugs like this in which all the information that
> sunsolve/boo would expose is already public so they can be published as
> well.
>
Not really necessary. Just avoid marking it as a security bug.
That marking is intended to keep the bug details private until patches
are released. For a publicly-known exploit, it's not necessary.
Scott
