Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 705894

Summary: bugzilla: de-embargo old security bugs
Product: Gentoo Infrastructure Reporter: Michael Orlitzky <mjo>
Component: BugzillaAssignee: Bugzilla Admins <bugzilla>
Severity: normal CC: blueknight, infra-bugs, k_f, security-audit, zx2c4
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description Michael Orlitzky gentoo-dev 2020-01-19 21:26:43 UTC
On 1/19/20 2:37 PM, Robin H. Johnson wrote:
> Please file a bug to infra with the list of old security embargoed bugs,
> and we can help you get them fixed (probably by helping you review them
> first).

Here's a list of open security bugs, all of which should be de-embargoed and assigned to security@ instead of security-audit@:

The following should also be de-embargoed. These are RESO/FIXED bugs that I've closed myself after I got tired of waiting for a response from security-audit@:

And finally, the RESO/OBSOLETE ones:

I would also suggest discontinuing the security-audit@ sub-project and the embargo feature entirely. I can't say the experience has been great. These bugs don't show up in a search, and often the maintainers can't see them because adding a project to CC doesn't allow the project members to see the bug. No one reassigns them when metadata.xml is changed, etc. The security-audit@ email address is /dev/null as far as I can tell.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2020-01-20 06:32:50 UTC
your mail alias presently goes to k_f,zx2c4,blueknight

mjo is not a member of either security@ or security-audit@, so I'm looking for confirmation that the bugs should be bulk-moved to security@ for further triage instead of security-audit@.

I feel looking at the bugs, that the maintainers of those packages never saw the bugs, because they weren't properly on the CC list, and/or they explicitly search for those assigned to the alias.
Comment 2 Michael Orlitzky gentoo-dev 2020-04-03 13:02:31 UTC
(In reply to Robin Johnson from comment #1)
> security-audit:
> your mail alias presently goes to k_f,zx2c4,blueknight
> ...

If this was going to work, we wouldn't be here in the first place =)
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2020-04-03 23:25:55 UTC
Processed now
Comment 4 Michael Orlitzky gentoo-dev 2020-04-03 23:27:17 UTC
Awesome, thanks!