Security Working Group meeting - Wednesday August 4 - results
Patrick Williams
patrick at stwcx.xyz
Thu Aug 5 06:49:09 AEST 2021
On Wed, Aug 04, 2021 at 03:39:45PM -0500, Joseph Reynolds wrote:
> On 8/4/21 3:09 PM, Patrick Williams wrote:
> > On Wed, Aug 04, 2021 at 01:47:31PM -0500, Joseph Reynolds wrote:
> >
> >> 4 Surya set up a bugzilla within Intel and will administer it. Demo’d
> >> the database. We briefly examined the database fields and agreed it
> >> looks like a good start.
> >>
> > Once again I'll ask ***WHY***??!?
> >
> > https://lore.kernel.org/openbmc/YNzsE1ipYQR7yfDq@heinlein/
> > https://lore.kernel.org/openbmc/YPiK8xqFPJFZDa1+@heinlein/
> >
> > Can we please create a private Github repository and be done with this topic?
>
> I don't have any insight into how to resolve this question.
>
> From today's meeting: using bugzilla has advantages over github issues:
> - lets us define the fields we need: fix commitID, CVSS score, etc.
These are pretty minor when you could just add a comment template with this
information.
> - has desirable access controls, specifically acess by the security
> respone tram plus we can add access for the problem submitter and the
> problem fixer
So does Github.
----
I really don't think that some subset of the community should go off on their
own bug tracking system. This is a waste of time to maintain and just further
segments this "Security Team" off in their own bubble.
--
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20210804/eca3d096/attachment.sig>
More information about the openbmc
mailing list