On Wed, Jan 24, 2024 at 07:20:34AM -0800, Vincent Zimmer wrote:
> I agree on your sentiment about Bugzilla (bz) not being ideal for this.
> This space has been a multi-year journey from usrt-based tickets, bespoke
> advisories, bz, etc into today's world of tianocore infosec, tianocore as
> its own
On 1/24/24 16:20, Vincent Zimmer wrote:
> I agree on your sentiment about Bugzilla (bz) not being ideal for this.
> This space has been a multi-year journey from usrt-based tickets,
> bespoke advisories, bz, etc into today's world of tianocore infosec,
> tianocore as its own CVE Naming Authority (C
I agree on your sentiment about Bugzilla (bz) not being ideal for this.
This space has been a multi-year journey from usrt-based tickets, bespoke
advisories, bz, etc into today's world of tianocore infosec, tianocore as
its own CVE Naming Authority (CNA) and working to leverage the extant
features
On 1/24/24 15:35, Laszlo Ersek wrote:
> I figure the most flexible approach for those that dislike email-based
> review for embargoed patches would be if github.com supported locked
> down *PRs* (i.e., not private organizations). In other words, if those
> PRs would be submitted against the same ba
On 1/23/24 19:49, Doug Flick via groups.io wrote:
> Gerd,
>
> As a new EDK2 developer, I'm working through getting the patches up
> to EDK2 but I have to follow the EDK2 patch process which is not the
> fastest thing to follow and also not my day job. If you want to see
> where I am you can look a
Gerd,
As a new EDK2 developer, I'm working through getting the patches up to EDK2 but
I have to follow the EDK2 patch process which is not the fastest thing to
follow and also not my day job. If you want to see where I am you can look at
the CI Pipeline. The patches were reviewed during the GHS
Hi,
What is the state of affairs wrt. the pixiefail vulnerabilities?
The advisory is published
(https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h),
it says the plan is to have the fixes included in the next (Feb 2024)
stable tag. I see bugzilla has patches attached, mos