James Carlson wrote:
> Valerie Bubb Fenwick writes:
>> We are looking at things that are missing from bugzilla
>> that would hold us back from using this as the sole
>> bugtracking tool for Solaris/OpenSolaris, instead of
>> the two we are using now.
> 
> In addition to Danek's fairly complete comparison (and I agree that
> treating RFE as a "severity" is really weird):
> 
>   "Can't Live Without"
> 
>     We use that "security" flag to bowdlerize bug reports.  Bugzilla
>     seems to have no equivalent.

It's not set up in our bugzilla yet, but I actually prefer the way this is
handled in the bugzilla installation we use at X.Org over the bugster way -
security bugs are flagged as private to the security team until advisory
release; once the advisory is public, the flag is removed and the bug becomes
publicly visible.  Not being able to have SunSolve or bugs.opensolaris.org
follow a bug link for a known security bug and get at least as much information
as is in the Sun Alert, instead getting a "No such bugid" message, is just
annoying.

Anything that really needs to stay permanently secret isn't really a security
handling issue, but just another instance of the general "handling confidential
data" issue, along with customer & partner confidential information.

-- 
        -Alan Coopersmith-           alan.coopersm...@sun.com
         Sun Microsystems, Inc. - X Window System Engineering

_______________________________________________
tools-discuss mailing list
tools-discuss@opensolaris.org
