Dne 08. 09. 22 v 19:32 Maxwell G via devel napsal(a):
On Thursday, September 8, 2022 Neal Gompa wrote:
> Fedora maintainers are CC'd often on the parent bug to bypass the
> private bug status while a bug is "under development". This has
> happened a few times for me as a maintainer of crypto-adjacent
> packages.
That's a good point. I guess they could fix that by copying the description
into the Fedora bug like Kevin said and/or making those "under development"
security bugs private to all Fedora contributors instead of CCing specific
people.
However, I think that the idea is that whatever should be said about the
CVE should be said in the main tracer. The fedora tracker should be used
just to not forget to fix this in Fedora.
Nevertheless, this might soon become non issue given:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
Vít