From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Thomas Huth <thuth@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
P J P <ppandit@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Stefan Hajnoczi <stefanha@gmail.com>
Subject: Re: About 'qemu-security' mailing list
Date: Wed, 16 Sep 2020 14:30:11 +0100 [thread overview]
Message-ID: <20200916133011.GN1535709@redhat.com> (raw)
In-Reply-To: <a799a303-c54f-82ee-0a6b-3fd06a98b10a@redhat.com>
On Wed, Sep 16, 2020 at 03:25:45PM +0200, Thomas Huth wrote:
> On 16/09/2020 15.06, Daniel P. Berrangé wrote:
> > Using a bug tracker has the notable advantage over direct email CC's
> > that if the security triage team needs to pull in a domain specific
> > expert, that newly added person can still see the full history of
> > discussion on the bug.
> >
> > With individual email CC's, the previous discussions are essentially
> > a information blackhole until the security triage team is good enough
> > to forward the full discussion history (this essentially never happens
> > in IME). Mailing list also has that easy archive access benefit.
> >
> > Is it possible to setup people to be able to view launchpad private
> > bugs, without also making them full admins for the QEMU launchpad
> > project ?
>
> Honestly, I'd rather like use to move to the gitlab bug tracker instead
> of extending our use of the launchpad tracker. LP is IMHO a really ugly
> bug tracking tool.
I assume you mean here moving to use GitLab for *all* bug tracking,
not merely security bug tracking ? I don't think it would be sane
to split our process across different bug trackers.
I have no love for LP, so wouldn't disagree with a move to GitLab,
especially if we're intending to expand its usage for other parts
of QEMU project infrastructure. If we ever use it as the canonical
git repo host, then I'd say using its bug tracker too is pretty
much a no-brainer.
> > Does launchpad still send clear text email notifications to the
> > permitted admins for private bugs ? I recall I used to get clear
> > text emails for private bugs in the past for non-QEMU projects.
>
> IIRC, yes, the email notifications for the private bugs are still send
> without encryption.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2020-09-16 13:33 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-11 14:20 About 'qemu-security' mailing list P J P
2020-09-11 15:27 ` Li Qiang
2020-09-11 15:40 ` Alexander Bulekov
2020-09-11 15:58 ` Alexander Bulekov
2020-09-18 7:33 ` P J P
2020-09-11 15:47 ` Daniel P. Berrangé
2020-09-11 15:51 ` Peter Maydell
2020-09-14 7:38 ` Philippe Mathieu-Daudé
2020-09-14 10:17 ` Stefan Hajnoczi
2020-09-14 8:54 ` Daniel P. Berrangé
2020-09-14 9:30 ` Peter Maydell
2020-09-14 10:15 ` Stefan Hajnoczi
2020-09-15 10:48 ` P J P
2020-09-16 11:10 ` Stefan Hajnoczi
2020-09-16 12:33 ` Peter Maydell
2020-09-16 13:06 ` Daniel P. Berrangé
2020-09-16 13:25 ` Thomas Huth
2020-09-16 13:30 ` Daniel P. Berrangé [this message]
2020-09-18 7:02 ` P J P
2020-09-30 11:46 ` P J P
2020-09-30 15:48 ` Darren Kenny
2020-10-01 10:35 ` P J P
2020-10-01 11:34 ` Darren Kenny
2020-10-01 13:57 ` Konrad Rzeszutek Wilk
2020-10-01 18:17 ` P J P
2020-10-16 14:17 ` P J P
2020-10-20 14:08 ` P J P
2020-11-03 11:18 ` P J P
2020-11-17 14:46 ` Stefan Hajnoczi
2020-11-17 16:19 ` Stefan Hajnoczi
2020-11-17 16:35 ` Daniel P. Berrangé
2020-11-18 10:32 ` P J P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200916133011.GN1535709@redhat.com \
--to=berrange@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).