<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Has this been read through?<div><br></div><div><a href="https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories">https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories</a><br><div dir="ltr"><br><blockquote type="cite">On Aug 4, 2021, at 3:49 PM, Patrick Williams &lt;patrick@stwcx.xyz&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>On Wed, Aug 04, 2021 at 03:39:45PM -0500, Joseph Reynolds wrote:</span><br><blockquote type="cite"><span>On 8/4/21 3:09 PM, Patrick Williams wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>On Wed, Aug 04, 2021 at 01:47:31PM -0500, Joseph Reynolds wrote:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>4 Surya set up a bugzilla within Intel and will administer it.  Demo’d</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>the database. 
We briefly examined the database fields and agreed it</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>looks like a good start.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Once again I'll ask ***WHY***??!?</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>https://lore.kernel.org/openbmc/YNzsE1ipYQR7yfDq@heinlein/</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>https://lore.kernel.org/openbmc/YPiK8xqFPJFZDa1+@heinlein/</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Can we please create a private Github repository and be done with this topic?</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>I don't have any insight into how to resolve this question.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>From today's meeting: using bugzilla has advantages over github issues:</span><br></blockquote><blockquote type="cite"><span>- lets us define the fields we need: fix commitID, CVSS score, etc.</span><br></blockquote><span></span><br><span>These are pretty minor when you could just add a comment template with this</span><br><span>information.</span><br><span></span><br><blockquote type="cite"><span>- has desirable access controls, specifically access by the security </span><br></blockquote><blockquote type="cite"><span>response team plus we can add access for the problem submitter and the 
</span><br></blockquote><blockquote type="cite"><span>problem fixer</span><br></blockquote><span></span><br><span>So does Github.</span><br><span></span><br><span>----</span><br><span></span><br><span>I really don't think that some subset of the community should go off on their</span><br><span>own bug tracking system.  This is a waste of time to maintain and just further</span><br><span>segments this "Security Team" off in their own bubble.</span><br><span></span><br><span>-- </span><br><span>Patrick Williams</span><br></div></blockquote></div></body></html>