From: Michael Zimmermann <sigmaepsilon92@gmail.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
edk2-devel-01 <edk2-devel@ml01.01.org>
Subject: Re: Tianocore Bugzilla Server is now live
Date: Tue, 2 Aug 2016 21:43:04 +0200 [thread overview]
Message-ID: <CAN9vWDKs=_KXG6aONW-YT0RjT646hqpQKUJx8W0_cJptuL5wNA@mail.gmail.com> (raw)
In-Reply-To: <c765bb0b-78bb-c0f4-638b-01e070691c71@redhat.com>
How are security issues treated in UEFI anyway?
Are they kept a secret forever or just for a specific time span?
A reason for keeping them a secret forever(while pushing
unsuspicious fixes) probably would be the fact that most UEFI systems don't
get updated.
Thanks
Michael
On Tue, Aug 2, 2016 at 9:34 PM, Laszlo Ersek <lersek@redhat.com> wrote:
> On 08/02/16 21:10, Kinney, Michael D wrote:
> > Michael,
> >
> > I am open to suggestions on this topic.
> >
> > If there is a strong opinion that we need to protect specific fields
> > from being modified, then we can look into updating the configuration.
> >
> > I think with Bugzilla change history and edk2-bugs mailing list, we can
> > all see the changes to any issue, so even if someone does do an
> > incorrect edit, I think we can put it back.
>
> Does "editbugs" include changing the product from "Tianocore Security
> Issues" to something else, possibly exposing the security issue to the
> world?
>
> Hm... It probably doesn't matter. If a security issue can be looked at
> (which is a pre-requisite for the product field to be changed) by anyone
> in the first place, then they can expose the contents to the world in
> other ways too. :)
>
> So I think trusting all registered accounts with "editbugs" is a good
> starting point too.
>
> Thanks
> Laszlo
>
>
> > *From:*Michael Zimmermann [mailto:sigmaepsilon92@gmail.com]
> > *Sent:* Tuesday, August 2, 2016 11:57 AM
> > *To:* Laszlo Ersek <lersek@redhat.com>
> > *Cc:* Kinney, Michael D <michael.d.kinney@intel.com>; edk2-devel-01
> > <edk2-devel@ml01.01.org>
> > *Subject:* Re: [edk2] Tianocore Bugzilla Server is now live
> >
> >
> >
> > Is it just my account or does everybody have the permission
> > "editbugs Can edit all bug fields"?
> >
> >
> >
> > It sounds like this is something only moderators should be able to do.
> >
> >
> >
> > Thanks
> >
> > Michael
> >
> >
> >
> > On Thu, Jul 21, 2016 at 8:43 PM, Laszlo Ersek <lersek@redhat.com
> > <mailto:lersek@redhat.com>> wrote:
> >
> > On 07/21/16 20:07, Kinney, Michael D wrote:
> > > Laszlo,
> > >
> > > Try again...it was disabled for a short period of time.
> >
> > Yes, it's working now.
> >
> > I'll let you know when I'm done with the clipboard "wizardry" and the
> > occasional reformatting :)
> >
> > Thanks!
> > Laszlo
> >
> > >> -----Original Message-----
> > >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org
> > <mailto:edk2-devel-bounces@lists.01.org>] On Behalf Of Laszlo Ersek
> > >> Sent: Thursday, July 21, 2016 10:33 AM
> > >> To: Kinney, Michael D <michael.d.kinney@intel.com <mailto:
> michael.d.kinney@intel.com>>
> > >> Cc: edk2-devel-01 <edk2-devel@ml01.01.org <mailto:
> edk2-devel@ml01.01.org>>
> > >> Subject: Re: [edk2] Tianocore Bugzilla Server is now live
> > >>
> > >> On 07/21/16 19:05, Kinney, Michael D wrote:
> > >>> Laszlo,
> > >>>
> > >>> Yes. We can hold off disabling GitHub. Let us know when you
> are ready.
> > >>
> > >> Thank you! However, github is rejecting my new comments in the
> browser
> > >> tabs that I have open already, and it rejects my fresh requests
> for
> > >> issue URLs.
> > >>
> > >> Thanks,
> > >> Laszlo
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org <mailto:edk2-devel@lists.01.org>
> > https://lists.01.org/mailman/listinfo/edk2-devel
> >
> >
> >
>
>
next prev parent reply other threads:[~2016-08-02 19:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E92EE9817A31E24EB0585FDF735412F5647E2C92@ORSMSX113.amr.corp.intel.com>
[not found] ` <79672ab9-15b9-a44e-f37a-313093489d9b@redhat.com>
[not found] ` <E92EE9817A31E24EB0585FDF735412F5647E32F6@ORSMSX113.amr.corp.intel.com>
[not found] ` <e22f28c1-ced1-5fd0-3a97-b923f0c42398@redhat.com>
[not found] ` <E92EE9817A31E24EB0585FDF735412F5647E364F@ORSMSX113.amr.corp.intel.com>
[not found] ` <52fe8d21-7c6c-3b48-e336-30042a6fae8f@redhat.com>
[not found] ` <E92EE9817A31E24EB0585FDF735412F5647E3784@ORSMSX113.amr.corp.intel.com>
[not found] ` <15ba9a6e-c793-4e22-3f38-cc95c34b0ff0@redhat.com>
2016-08-02 18:57 ` Tianocore Bugzilla Server is now live Michael Zimmermann
2016-08-02 19:10 ` Kinney, Michael D
2016-08-02 19:34 ` Laszlo Ersek
2016-08-02 19:43 ` Michael Zimmermann [this message]
2016-08-02 20:56 ` Andrew Fish
2016-08-02 19:15 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAN9vWDKs=_KXG6aONW-YT0RjT646hqpQKUJx8W0_cJptuL5wNA@mail.gmail.com' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox