| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
On 03/22/2015 04:07 PM, Sven Vermeulen wrote: |
| 5 |
> Hi all |
| 6 |
> |
| 7 |
|
| 8 |
|
| 9 |
.. |
| 10 |
|
| 11 |
> |
| 12 |
> """ Exceptions are made for - security-related information, when |
| 13 |
> there are valid reasons (such as a responsible disclosure process) |
| 14 |
> not to publicize the content of the bug before a certain deadline |
| 15 |
|
| 16 |
If we're updating the language of this it is probably worthwhile to |
| 17 |
clarify the possibility of a CLASSIFIED bug c.f. [0]: "There are three |
| 18 |
different types of restricted bugs. The first (and most secret) ones |
| 19 |
are the CLASSIFIED bugs. A bug is classified when it contains |
| 20 |
information that should never be released. This includes quotes of |
| 21 |
personal emails sent to restricted mailing-lists or non-public |
| 22 |
intermediary patches. Classified bugs are identified by the CLASSIFIED |
| 23 |
keyword in their Status Whiteboard. Once CLASSIFIED, a bug cannot go |
| 24 |
back to unclassified status unless at least two security managers |
| 25 |
agree to declassify it. CLASSIFIED bugs should never be opened |
| 26 |
(unrestricted). " |
| 27 |
|
| 28 |
the language matches the more common "The second type of restricted |
| 29 |
bugs is CONFIDENTIAL bugs. These are bugs that contain information |
| 30 |
that should be kept secret until an agreed-upon coordinated release |
| 31 |
date. No part of the bug (affected package name, description, proposed |
| 32 |
patch or whatever) should ever leak outside the bug. Patches must NOT |
| 33 |
be committed to portage CVS." |
| 34 |
|
| 35 |
|
| 36 |
References: |
| 37 |
[0] |
| 38 |
http://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide#Restricted_bugs |
| 39 |
|
| 40 |
- -- |
| 41 |
Kristian Fiskerstrand |
| 42 |
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net |
| 43 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
| 44 |
-----BEGIN PGP SIGNATURE----- |
| 45 |
|
| 46 |
iQEcBAEBCgAGBQJVDt1OAAoJEP7VAChXwav6eRMH/0MGBbkWAzVTZzqoAuydNE8h |
| 47 |
cDjvSssedFt5eC+7BCi4n8Y5LRLdNavL+0M02Hf0RB9Pqow4UXs0yeqX8YordJJR |
| 48 |
KzyBRITmCC7eQNFDJtf7uxKCpzPJR0ZqK+Ia9AWCPPpNxDGq8jSHF5rqxSi+Dwb3 |
| 49 |
jWndH1mQUbA4Xvq6VLdkfmCNYo6sY8Fpf64rSycMkkJNrf9+7LEmipxLXGcOdcsz |
| 50 |
McQKeN7DENP0LGz3lH8HdXLp/eYULlgrQdr3/+RLb0aH1sr09h678Y3JIsqkhxKv |
| 51 |
jWaqaTlsNIeAl2LTFFqOfvCrp/DEOXMf/FfBrESeFJ1JiHlP7rrW4qsNzjyltso= |
| 52 |
=qvoD |
| 53 |
-----END PGP SIGNATURE----- |
Archives