On Wed, Aug 04, 2021 at 03:39:45PM -0500, Joseph Reynolds wrote:

On 8/4/21 3:09 PM, Patrick Williams wrote:

On Wed, Aug 04, 2021 at 01:47:31PM -0500, Joseph Reynolds wrote:

4 Surya set up a bugzilla within Intel and will administer it.  Demo’d

the database. We briefly examined the database fields and agreed it

looks like a good start.

Once again I'll ask ***WHY***??!?

https://lore.kernel.org/openbmc/YNzsE1ipYQR7yfDq@heinlein/

https://lore.kernel.org/openbmc/YPiK8xqFPJFZDa1+@heinlein/

Can we please create a private Github repository and be done with this topic?

I don't have any insight into how to resolve this question.

From today's meeting: using bugzilla has advantages over github issues:

- lets us define the fields we need: fix commitID, CVSS score, etc.

These are pretty minor when you could just add a comment template with this
information.

- has desirable access controls, specifically acess by the security

respone tram plus we can add access for the problem submitter and the

problem fixer

So does Github.

----

I really don't think that some subset of the community should go off on their
own bug tracking system.  This is a waste of time to maintain and just further
segments this "Security Team" off in their own bubble.

--
Patrick Williams