Closed Bug 352800 Opened 18 years ago Closed 18 years ago

Security Bugs are listed as references but are still hidden.

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: cso, Assigned: dveditz)

References

(
URL
)

Details

The security releases for the 1.5.0.7 releases have been made public, but the bugs they reference have not. The URL field has an example, and bug 346090 is a bug referenced from that.
(In reply to comment #0) > The security releases for the 1.5.0.7 releases have been made public, but the > bugs they reference have not. I assume some days are needed that most browsers have been updated, or there's more info in a bug about other still unfixed stuff. You always can have a look into the code to see what has been changed ;-)
Assignee: nobody → dveditz
Component: www.mozilla.org → Bugzilla: Other b.m.o Issues
OS: Windows XP → All
QA Contact: www-mozilla-org → myk
Hardware: PC → All
Yes, I believe this is intentional to ensure that people have a chance to upgrade before the vulnerabilities are disclosed.
(In reply to comment #2) > Yes, I believe this is intentional to ensure that people have a chance to > upgrade before the vulnerabilities are disclosed. It seems a bit weird to actually link the bugs in public, then.
(In reply to comment #3) > (In reply to comment #2) > > Yes, I believe this is intentional to ensure that people have a chance to > > upgrade before the vulnerabilities are disclosed. > > It seems a bit weird to actually link the bugs in public, then. Disclosing the fact that there are vulnerabilities and their nature (the advisories) is much different than exposing testcases and other specific details about the vulnerabilities (the bugs).
(In reply to comment #4) > Disclosing the fact that there are vulnerabilities and their nature (the > advisories) is much different than exposing testcases and other specific > details about the vulnerabilities (the bugs). I don't dispute that, and in fact I agree with it. However, the bugs are linked in public but are hidden which seems a bit weird to me - particularly since there isn't a note on the page that says that they are not visible.
The URLs are both links and references. They may not be visible immediately, but they are permanent and help people ensure they are talking about the same thing. We'll open them as appropriate. If you have a suggestion or complaint about it a bug isn't really the best way to go. Try one of the newsgroups, or if you just want to let someone know and aren't after a discussion you can mail security@mozilla.org
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
(In reply to comment #6) > We'll open them as appropriate. If you have a suggestion or complaint about it > a bug isn't really the best way to go. A public reference to a bug implies to me that it should be visible - hence that is a bug in my opinion.
Component: Bugzilla: Other b.m.o Issues → General
Product: mozilla.org → bugzilla.mozilla.org
You need to log in before you can comment on or make changes to this bug.