On 03/22/2015 04:07 PM, Sven Vermeulen wrote:
> Hi all
>

..

>
> """ Exceptions are made for - security-related information, when
> there are valid reasons (such as a responsible disclosure process)
> not to publicize the content of the bug before a certain deadline

If we're updating the language of this it is probably worthwhile to
clarify the possibility of a CLASSIFIED bug c.f. [0]: "There are three
different types of restricted bugs. The first (and most secret) ones
are the CLASSIFIED bugs. A bug is classified when it contains
information that should never be released. This includes quotes of
personal emails sent to restricted mailing-lists or non-public
intermediary patches. Classified bugs are identified by the CLASSIFIED
keyword in their Status Whiteboard. Once CLASSIFIED, a bug cannot go
back to unclassified status unless at least two security managers
agree to declassify it. CLASSIFIED bugs should never be opened
(unrestricted)."

the language matches the more common "The second type of restricted
bugs is CONFIDENTIAL bugs. These are bugs that contain information
that should be kept secret until an agreed-upon coordinated release
date. No part of the bug (affected package name, description, proposed
patch or whatever) should ever leak outside the bug. Patches must NOT
be committed to portage CVS."

References:
[0] http://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide#Restricted_bugs

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3