On Fri, 10 Sept 2021 at 16:34, Daniel P. Berrangé <berra...@redhat.com> wrote: > I think it might be worth leaving a warning here despite adding it > to the main contribute index page, as people might land directly on > this page and not see the other page's warning. > > > Do NOT report security issues (or other bugs, too) as "private" bugs in the > > bug tracker. QEMU has a [security process](../security-process) for issues > > that should be reported in a non-public way instead.
Isn't that text for the old launchpad bug tracker? The gitlab UI equivalent to launchpad "private" bugs is that there's a tickybox for "This issue is confidential". (At least accidental confidential gitlab bugs won't have the same "vanishes into a black hole that nobody looks at" property that LP private bugs did.) -- PMM
