Comment 10 for bug 61909
Revision history for this message
| Kees Cook (kees) wrote Re: Security contact unsubscription should be simpler | #10 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Okay, this change has cause a serious regression in my ability to monitor security bugs. :( The "implicit" subscription doesn't appear to be doing anything except letting me view the bugs. I need two things:
- to be notified when a security bug changes/created
- to have bugs show up as being subscribed to
For example, I check for security bugs with:
https:/
This list does not show:
https:/
Also, I never got an emails about 90662 being created/tagged.
Is there some other way to search for security bugs, at this point, it was just blind luck that this was discovered since Brian saw the above bug and brought it to my attention.
Which gets to the next issue:
When someone creates a new bug, since the "security" flag does not exist on the "open bug" page, it gets Ubuntu-Bugs subscribed, and when they mark it "private", it results in anyone on the bug squad being able to read the report. Also, I'm guessing initial emails are sent, so if sensitive information is contained in the description, it ends up in an email archive before they can flag it private/security.