From: Michael Zimmermann
Date: Tue, 2 Aug 2016 21:43:04 +0200
To: Laszlo Ersek
Cc: "Kinney, Michael D", edk2-devel-01
Subject: Re: Tianocore Bugzilla Server is now live
List-Id: EDK II Development

How are security issues treated in UEFI anyway?
Are they kept a secret forever or just for a specific time span?
A reason for keeping them a secret forever (while pushing unsuspicious fixes) probably would be the fact that most UEFI systems don't get updated.

Thanks
Michael

On Tue, Aug 2, 2016 at 9:34 PM, Laszlo Ersek wrote:

> On 08/02/16 21:10, Kinney, Michael D wrote:
> > Michael,
> >
> > I am open to suggestions on this topic.
> >
> > If there is a strong opinion that we need to protect specific fields
> > from being modified, then we can look into updating the configuration.
> >
> > I think with Bugzilla change history and edk2-bugs mailing list, we can
> > all see the changes to any issue, so even if someone does do an
> > incorrect edit, I think we can put it back.
>
> Does "editbugs" include changing the product from "Tianocore Security
> Issues" to something else, possibly exposing the security issue to the
> world?
>
> Hm... It probably doesn't matter. If a security issue can be looked at
> (which is a pre-requisite for the product field to be changed) by anyone
> in the first place, then they can expose the contents to the world in
> other ways too. :)
>
> So I think trusting all registered accounts with "editbugs" is a good
> starting point too.
>
> Thanks
> Laszlo
>
> > *From:* Michael Zimmermann [mailto:sigmaepsilon92@gmail.com]
> > *Sent:* Tuesday, August 2, 2016 11:57 AM
> > *To:* Laszlo Ersek
> > *Cc:* Kinney, Michael D ; edk2-devel-01
> > *Subject:* Re: [edk2] Tianocore Bugzilla Server is now live
> >
> > Is it just my account or does everybody have the permission
> > "editbugs Can edit all bug fields"?
> >
> > It sounds like this is something only moderators should be able to do.
> >
> > Thanks
> >
> > Michael
> >
> > On Thu, Jul 21, 2016 at 8:43 PM, Laszlo Ersek wrote:
> >
> > On 07/21/16 20:07, Kinney, Michael D wrote:
> > > Laszlo,
> > >
> > > Try again...it was disabled for a short period of time.
> >
> > Yes, it's working now.
> >
> > I'll let you know when I'm done with the clipboard "wizardry" and the
> > occasional reformatting :)
> >
> > Thanks!
> > Laszlo
> >
> > >> -----Original Message-----
> > >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Laszlo Ersek
> > >> Sent: Thursday, July 21, 2016 10:33 AM
> > >> To: Kinney, Michael D <michael.d.kinney@intel.com>
> > >> Cc: edk2-devel-01 <edk2-devel@ml01.01.org>
> > >> Subject: Re: [edk2] Tianocore Bugzilla Server is now live
> > >>
> > >> On 07/21/16 19:05, Kinney, Michael D wrote:
> > >>> Laszlo,
> > >>>
> > >>> Yes. We can hold off disabling GitHub. Let us know when you are ready.
> > >>
> > >> Thank you! However, github is rejecting my new comments in the browser
> > >> tabs that I have open already, and it rejects my fresh requests for
> > >> issue URLs.
> > >>
> > >> Thanks,
> > >> Laszlo
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel