Re: Security reports in bugzilla?
- From: John Fleck <jfleck inkstain net>
- To: gnome-2-0-list gnome org, gnome-devel-list gnome org, gnome-bugsquad gnome org
- Subject: Re: Security reports in bugzilla?
- Date: Mon, 17 Dec 2001 20:36:27 -0700
On Mon, Dec 17, 2001 at 06:20:00PM -0500, Elliot Lee wrote:
> On 18 Dec 2001, Franck Martin wrote:
>
> > I have noticed that in bugzilla, you can't flag a problem as a
> > security problem. I think it would be important for gnome to report
> > bugs which may be security hazards. It becomes more and more important
> > that systems show a high level of security, and that developers are
> > conscious of security implications in their development. As gnome
> > brings more and more features, it may evolve as a security nightmare
> > like windows products if we are not careful.
> >
> > I think the possibility to flag a problem as a security threat
> > will bring the attention of the developers to limiting the security
> > problems of their applications.
> >
> > What do you think?
>
> The biggest problem from my point of view is that there are not enough
> people to process the bugs that are filed, and adding a 'security' flag
> won't really help if there is nobody fixing the problems.
>
> There is a gnome-bugsquad list where people interested in helping sort
> through bugs can coordinate. There is also a bugzilla summary report every
> week on gnome-devel-list. At last count, there were around 6700 bugs open.
>
Franck -
I don't think this will really help the problem you'd like to
address. Some maintainers are quickly attentive to the bugs filed on
their packages. They are quick to notice a security bug whether there
is a flag or not, just as they are quick to notice and deal with other
bugs that are serious for a variety of reasons. Some packages have no
one paying attention to bugzilla, in which case a security flag won't help.
What we really need, as Elliot's been trying to encourage with his bug
nag reports, is more people paying attention to bugzilla.
Cheers,
--
John Fleck
jfleck inkstain net (h), http://www.inkstain.net/fleck/
"A M00se once bit my sister..."