Fedora 7 and the Security Response Team

Christopher Aillon caillon at redhat.com
Mon Jun 11 18:55:43 UTC 2007


Kevin Fenzi wrote:
> - Should the filed bug have a CC to the list? I guess you mentioned
> this above. I think it's probably a good idea so folks can see the
> progress of fixes. 

I don't think we want to do this.  Imagine someone files a bug to us 
with an embargo date of: future.  Someone reading the list archives 
could easily get that information and release it to the public ahead of 
the embargo date.  Essentially, by cc:ing a public list, we broke the 
embargo ourselves.

We want to honor embargos as much as possible, so we can continue being 
in good favor with those who give us advance notification. 
Additionally, when we are planning to release something on a given day, 
and it turns out to get leaked, we have to scramble much more quickly. 
Not good for many reasons.



