On Mon, 12 Feb 2007, Alan Coopersmith wrote: > Scott Rotondo wrote: >> Alan Coopersmith wrote: >>> Gary Winiger wrote: >>>>> Thanks Gary! Is there an official bugid on sunsolve to track this? >>>> >>>> Not being a field agent I'm not sure how bugs are tracked on >>>> sunsolve. >>> >>> Sadly, anything marked as a security bug is explicitly excluded from >>> sunsolve, >>> as well as bugs.opensolaris.org. Perhaps we should create a >>> "security-open" >>> keyword for bugs like this in which all the information that sunsolve/boo >>> would expose is already public so they can be published as well. >>> >> >> Not really necessary. Just avoid marking it as a security bug. > > Won't that break the internal tracking of security bugs to make sure > the patches are released as free security patches and Sun Alerts are > issued for them? >
You're right, Alan. We should probably come up with a better way to handle this. Right now, we need to tag them to make sure they get the right level of attention & all the correct things happen, with respect to RTIs getting the highest priority, and the security tag also gives it the highest priority in the patch gates, with patch testing, and on getting pushed to SunSolve. Valerie -- Valerie Bubb, http://blogs.sun.com/bubbva Solaris Security Technologies, Developer, Sun Microsystems, Inc. 17 Network Circle, Menlo Park, CA, 94025. 650-786-0461
