On Nov 12, 2015, at 10:05 AM, David Cafaro <dac(a)cafaro.net>
wrote:
Hello All,
While looking through our unowned tickets via the links from the page here:
http://fedoraproject.org/wiki/Security_Team
I noticed that we were filtering on Priority and not Severity. Because
of this tickets here:
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASS...
That have a severity rating of High, were being grouped under the
Unknown listing, since priority was unspecified.
I propose updating the links and any scripts to filter on Severity and
not Priority as we are concerned with the security impact and not the
projects chosen priority for the fix.
Any issues with that?
So based on feed back from this thread and the IRC meeting today I update the unowned
search links on the FST page to search for both Severity and Priority, but independently.
That way if either priority or severity are set to say “high” it will show up in the list
of important vulnerabilities.
This change only caused one search result set change. There is now an additional ticket
showing up in the unowned Important list:
https://bugzilla.redhat.com/show_bug.cgi?id=1209214
I did not update the other links as once they are owned, we can fix the priority or
severity, or at minimum it’s now being tracked.
Cheers,
David