Has this been read through?
https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories

On Aug 4, 2021, at 3:49 PM, Patrick Williams <patrick@stwcx.xyz> wrote:
On Wed, Aug 04, 2021 at 03:39:45PM -0500, Joseph Reynolds wrote:
On 8/4/21 3:09 PM, Patrick Williams wrote:
On Wed, Aug 04, 2021 at 01:47:31PM -0500, Joseph Reynolds wrote:
4 Surya set up a bugzilla within Intel and will administer it. Demo’d
the database. We briefly examined the database fields and agreed it
looks like a good start.
Once again I'll ask ***WHY***??!?
https://lore.kernel.org/openbmc/YNzsE1ipYQR7yfDq@heinlein/
https://lore.kernel.org/openbmc/YPiK8xqFPJFZDa1+@heinlein/
Can we please create a private Github repository and be done with this topic?
I don't have any insight into how to resolve this question.
From today's meeting: using bugzilla has advantages over github issues:
- lets us define the fields we need: fix commitID, CVSS score, etc.
These are pretty minor when you could just add a comment template with this information.
- has desirable access controls, specifically access by the security
response team plus we can add access for the problem submitter and the
problem fixer
So does Github.

I really don't think that some subset of the community should go off on their own bug tracking system. This is a waste of time to maintain and just further segments this "Security Team" off in their own bubble.

--
Patrick Williams