Comment 5 for bug 61909

Kees Cook (kees) wrote : Re: Security subscription should be implicit

I would agree that the multi-step process of unchecking "security" and then having to unsubscribe the security team is a hassle.

Brad's comments weren't clear to me, so I guess to have an opinion about this, I'd need to get the following clarified:

- who can flag/unflag a bug as being a security issue? (I would be uncomfortable if it were "just anyone" and things were changed so that the security team would become unsubscribed when the flag was unchecked. e.g. perhaps their definition and my definition of a "security issue" are different, and suddenly I'd silently stop getting any updates on the bug)

- who can read a bug report when it is flagged as private? (I have always assumed it is the subscribers. As the CVE tracking is moved into Malone there WILL be use-cases where we need a bug report to be visible ONLY to the security team and people explicitly subscribed to the bug. i.e. just because you have your bugmail settings set up to subscribe you to a package doesn't mean you should be able to see embargoed security bugs)