Hi,
first, let me state in public, that I don't like this kind of meta-
discussion at all, but it seems necessary if this list is to serve
any defined purpose besides flame fests.
My point of view is, that Bugzilla and this mailing list serve different
purposes.
The discussion in Bugzilla should focus on getting issues fixed as fast
and as good as possible for _all users_ of Gentoo. Anything else would
make Bugzilla harder to use, for developers and users alike.
This mailing list should allow users and administrators to assess bugs,
to determine the impact on their specific setups and to find out which
workarounds (if any) are advisable. This is necessary, because proper
fixes take some time (this is unavoidable), but many people cannot afford
delay. Just imagine someone administrating true multi-user workstations
at a university. He could either bug developers with his questions in
Bugzilla, or simply come here to find people in a similar situation.
An additional purpose of this list is, of course, general discussion of
security issues unrelated to vulnerabilities (setup issues, help with
implementation, advice, ...)
This does mean, that Gentoo devs do *not* have to post announcements to
this list. They can do that, of course, but in the end it is up to the
users.
So, users should not complain if a vulnerability they deem important is
not posted here, instead they should simply post it themselves. Developers
can then join the discussion *about the vulnerability itself* or simply
ignore it.
Of course they can (actually should) post a link to the coresponding entry
in Bugzilla, or encourage users to file a bug if this hasn't been done
already.
IMO its a shame if a discussion about a severe vulnerability which affects
*everyone* one this list ends up in a flamewar (or even starts as one).
Regards
--
gentoo-security@gentoo.org mailing list
first, let me state in public, that I don't like this kind of meta-
discussion at all, but it seems necessary if this list is to serve
any defined purpose besides flame fests.
My point of view is, that Bugzilla and this mailing list serve different
purposes.
The discussion in Bugzilla should focus on getting issues fixed as fast
and as good as possible for _all users_ of Gentoo. Anything else would
make Bugzilla harder to use, for developers and users alike.
This mailing list should allow users and administrators to assess bugs,
to determine the impact on their specific setups and to find out which
workarounds (if any) are advisable. This is necessary, because proper
fixes take some time (this is unavoidable), but many people cannot afford
delay. Just imagine someone administrating true multi-user workstations
at a university. He could either bug developers with his questions in
Bugzilla, or simply come here to find people in a similar situation.
An additional purpose of this list is, of course, general discussion of
security issues unrelated to vulnerabilities (setup issues, help with
implementation, advice, ...)
This does mean, that Gentoo devs do *not* have to post announcements to
this list. They can do that, of course, but in the end it is up to the
users.
So, users should not complain if a vulnerability they deem important is
not posted here, instead they should simply post it themselves. Developers
can then join the discussion *about the vulnerability itself* or simply
ignore it.
Of course they can (actually should) post a link to the coresponding entry
in Bugzilla, or encourage users to file a bug if this hasn't been done
already.
IMO its a shame if a discussion about a severe vulnerability which affects
*everyone* one this list ends up in a flamewar (or even starts as one).
Regards
--
gentoo-security@gentoo.org mailing list