Has this been read through? https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories

> On Aug 4, 2021, at 3:49 PM, Patrick Williams wrote:
>
> On Wed, Aug 04, 2021 at 03:39:45PM -0500, Joseph Reynolds wrote:
>>> On 8/4/21 3:09 PM, Patrick Williams wrote:
>>>> On Wed, Aug 04, 2021 at 01:47:31PM -0500, Joseph Reynolds wrote:
>>>
>>>> 4 Surya set up a bugzilla within Intel and will administer it. Demo’d
>>>> the database. We briefly examined the database fields and agreed it
>>>> looks like a good start.
>>>>
>>> Once again I'll ask ***WHY***??!?
>>>
>>> https://lore.kernel.org/openbmc/YNzsE1ipYQR7yfDq@heinlein/
>>> https://lore.kernel.org/openbmc/YPiK8xqFPJFZDa1+@heinlein/
>>>
>>> Can we please create a private Github repository and be done with this topic?
>>
>> I don't have any insight into how to resolve this question.
>>
>> From today's meeting: using bugzilla has advantages over github issues:
>> - lets us define the fields we need: fix commitID, CVSS score, etc.
>
> These are pretty minor when you could just add a comment template with this
> information.
>
>> - has desirable access controls, specifically access by the security
>> response team plus we can add access for the problem submitter and the
>> problem fixer
>
> So does Github.
>
> ----
>
> I really don't think that some subset of the community should go off on their
> own bug tracking system. This is a waste of time to maintain and just further
> segments this "Security Team" off in their own bubble.
>
> --
> Patrick Williams