On Thu, Sep 8, 2022 at 6:17 AM Petr Pisar <ppi...@redhat.com> wrote:
>
> On Thu, Sep 08, 2022 at 01:06:17AM +0200, Kevin Kofler via devel wrote:
> > Maxwell G via devel wrote:
> > > I don't think Fedora packagers should be CCed on these global trackers.
> >
> > The problem is that, as it stands, those global trackers are the only place
> > that actually explains (usually in one paragraph) what the security issue
> > actually is. The [fedora-all] trackers are pretty useless considering that
> > they contain no information whatsoever beyond the subject line. (Their only
> > relevant content is the state, mainly whether they are open or closed.)
> >
> [fedora-all] bugs link to the vulnerability tracker with Bugzilla
> dependencies. For me it's pretty obvious where to find the details. If it's
> not obvious for others, then an additional sentence in the [fedora-all]
> description text ("More details about this vulnerability are in bug #NNN")
> could help.
>

Fedora maintainers are CC'd often on the parent bug to bypass the
private bug status while a bug is "under development". This has
happened a few times for me as a maintainer of crypto-adjacent
packages.

But yeah, some of it is definitely not right and last year I got
spammed with so much that Gmail started rate limiting me. I had to
turn several lists into digest mode to go back under.


-- 
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org