I have a fix locally. It is pretty small. But I think I need guidance, as I am not sure what is the best process in this case for pushing a security related fix to phabricator. Do I go the [obscure](https://firefox-source-docs.mozilla.org/bug-mgmt/processes/fixing-security-bugs.html#obfuscating-a-security-patch) route and file a new bug with this title "Remove dead tagging code in Pocket extension" and push to phabricator and never mention that it is security related. This would mean the new bug and phabricator is public to not draw attention to it. This would be my guess. Or do I go the [private](https://firefox-source-docs.mozilla.org/bug-mgmt/processes/fixing-security-bugs.html#keeping-private-information-private) route, and once the code lands users can see the changes and see the fact that it was security related, but not know any details. Is there another option?
Bug 1771026 Comment 9 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
I have a fix locally. It is pretty small. But I think I need guidance, as I am not sure what is the best process in this case for pushing a security related fix to phabricator. Do I go the [obscure](https://firefox-source-docs.mozilla.org/bug-mgmt/processes/fixing-security-bugs.html#obfuscating-a-security-patch) route and file a new bug with this title "Remove dead tagging code in Pocket extension" and push to phabricator and never mention this bug or that it is security related. This would mean the new bug and phabricator is public to not draw attention to it. This would be my guess. Or do I go the [private](https://firefox-source-docs.mozilla.org/bug-mgmt/processes/fixing-security-bugs.html#keeping-private-information-private) route, and once the code lands users can see the changes and see the fact that it was security related, but not know any details. Is there another option?