Security Working Group meeting - Wednesday August 4 - results
Joseph Reynolds
jrey at linux.ibm.com
Thu Aug 5 06:39:45 AEST 2021
On 8/4/21 3:09 PM, Patrick Williams wrote:
> On Wed, Aug 04, 2021 at 01:47:31PM -0500, Joseph Reynolds wrote:
>
>> 4 Surya set up a bugzilla within Intel and will administer it. Demo’d
>> the database. We briefly examined the database fields and agreed it
>> looks like a good start.
>>
> Once again I'll ask ***WHY***??!?
>
> https://lore.kernel.org/openbmc/YNzsE1ipYQR7yfDq@heinlein/
> https://lore.kernel.org/openbmc/YPiK8xqFPJFZDa1+@heinlein/
>
> Can we please create a private Github repository and be done with this topic?
I don't have any insight into how to resolve this question.
From today's meeting: using bugzilla has advantages over github issues:
- lets us define the fields we need: fix commitID, CVSS score, etc.
- has desirable access controls, specifically acess by the security
respone tram plus we can add access for the problem submitter and the
problem fixer
- Joseph
More information about the openbmc
mailing list