Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 705894 - bugzilla: de-embargo old security bugs
Summary: bugzilla: de-embargo old security bugs
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Bugzilla (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Bugzilla Admins
Depends on:
Reported: 2020-01-19 21:26 UTC by Michael Orlitzky
Modified: 2020-04-03 23:27 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Orlitzky gentoo-dev 2020-01-19 21:26:43 UTC
On 1/19/20 2:37 PM, Robin H. Johnson wrote:
> Please file a bug to infra with the list of old security embargoed bugs,
> and we can help you get them fixed (probably by helping you review them
> first).

Here's a list of open security bugs, all of which should be de-embargoed and assigned to security@ instead of security-audit@:

The following should also be de-embargoed. These are RESO/FIXED bugs that I've closed myself after I got tired of waiting for a response from security-audit@:

And finally, the RESO/OBSOLETE ones:

I would also suggest discontinuing the security-audit@ sub-project and the embargo feature entirely. I can't say the experience has been great. These bugs don't show up in a search, and often the maintainers can't see them because adding a project to CC doesn't allow the project members to see the bug. No one reassigns them when metadata.xml is changed, etc. The security-audit@ email address is /dev/null as far as I can tell.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2020-01-20 06:32:50 UTC
your mail alias presently goes to k_f,zx2c4,blueknight

mjo is not a member of either security@ or security-audit@, so I'm looking for confirmation that the bugs should be bulk-moved to security@ for further triage instead of security-audit@.

I feel looking at the bugs, that the maintainers of those packages never saw the bugs, because they weren't properly on the CC list, and/or they explicitly search for those assigned to the alias.
Comment 2 Michael Orlitzky gentoo-dev 2020-04-03 13:02:31 UTC
(In reply to Robin Johnson from comment #1)
> security-audit:
> your mail alias presently goes to k_f,zx2c4,blueknight
> ...

If this was going to work, we wouldn't be here in the first place =)
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2020-04-03 23:25:55 UTC
Processed now
Comment 4 Michael Orlitzky gentoo-dev 2020-04-03 23:27:17 UTC
Awesome, thanks!