On 02/10/2016 09:10 PM, Boris Zbarsky wrote:
> I don't know why the setup we have in place for explicitly triaging
> security bugs failed in this case, or what happened with the mails to
> secur...@mozilla.org, since I'm not privy to the former nor on the
> latter list. Something clearly failed badly there. :(
>
> In any case, thank you very much for both filing the bugs and for
> bringing this issue up. For these two particular bugs, we're going to
> figure out who can look at them who somewhat understands the relevant
> code and has time; this will likely take a few days to sort out. For
> the general problem, I think the regular triage rotations will give us a
> much better handle on things and will prevent things from falling
> through the cracks like this.

Thanks and thanks for looking at the bugs. That does sound great and
yes, I think it will indeed help to handle all bugs in time. Still, I
think at least something about an expected reaction time should be added
to, e.g. the bug bounty document. Right now, you have zero indication in
these documents after which time you have to worry about reported bugs
not being noticed.
Best regards,
Rafael
_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance