Closed
Bug 352800
Opened 18 years ago
Closed 18 years ago
Security Bugs are listed as references but are still hidden.
Categories
(bugzilla.mozilla.org :: General, defect)
bugzilla.mozilla.org
General
Tracking
()
RESOLVED
INVALID
People
(Reporter: cso, Assigned: dveditz)
References
()
Details
The security releases for the 1.5.0.7 releases have been made public, but the bugs they reference have not. The URL field has an example, and bug 346090 is a bug referenced from that.
|
||
Comment 1•18 years ago
|
||
(In reply to comment #0) > The security releases for the 1.5.0.7 releases have been made public, but the > bugs they reference have not. I assume some days are needed that most browsers have been updated, or there's more info in a bug about other still unfixed stuff. You always can have a look into the code to see what has been changed ;-)
|
||
Updated•18 years ago
|
Assignee: nobody → dveditz
Component: www.mozilla.org → Bugzilla: Other b.m.o Issues
OS: Windows XP → All
QA Contact: www-mozilla-org → myk
Hardware: PC → All
|
||
Comment 2•18 years ago
|
||
Yes, I believe this is intentional to ensure that people have a chance to upgrade before the vulnerabilities are disclosed.
|
Reporter | |
Comment 3•18 years ago
|
||
(In reply to comment #2) > Yes, I believe this is intentional to ensure that people have a chance to > upgrade before the vulnerabilities are disclosed. It seems a bit weird to actually link the bugs in public, then.
|
|
||
Comment 4•18 years ago
|
||
(In reply to comment #3) > (In reply to comment #2) > > Yes, I believe this is intentional to ensure that people have a chance to > > upgrade before the vulnerabilities are disclosed. > > It seems a bit weird to actually link the bugs in public, then. Disclosing the fact that there are vulnerabilities and their nature (the advisories) is much different than exposing testcases and other specific details about the vulnerabilities (the bugs).
|
|
Reporter | |
Comment 5•18 years ago
|
||
(In reply to comment #4) > Disclosing the fact that there are vulnerabilities and their nature (the > advisories) is much different than exposing testcases and other specific > details about the vulnerabilities (the bugs). I don't dispute that, and in fact I agree with it. However, the bugs are linked in public but are hidden which seems a bit weird to me - particularly since there isn't a note on the page that says that they are not visible.
|
Assignee | |
Comment 6•18 years ago
|
||
The URLs are both links and references. They may not be visible immediately, but they are permanent and help people ensure they are talking about the same thing. We'll open them as appropriate. If you have a suggestion or complaint about it a bug isn't really the best way to go. Try one of the newsgroups, or if you just want to let someone know and aren't after a discussion you can mail security@mozilla.org
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
|
|
Reporter | |
Comment 7•18 years ago
|
||
(In reply to comment #6) > We'll open them as appropriate. If you have a suggestion or complaint about it > a bug isn't really the best way to go. A public reference to a bug implies to me that it should be visible - hence that is a bug in my opinion.
|
||
Updated•13 years ago
|
Component: Bugzilla: Other b.m.o Issues → General
Product: mozilla.org → bugzilla.mozilla.org
You need to log in
before you can comment on or make changes to this bug.
Description
•