On Mon, 6 Sep 2010 14:10:41 +0200, Christian Faulhammer
<fauli@gentoo.org> wrote:

> Hi,
> 
> "Robin H. Johnson" <robbat2@gentoo.org>:
> > 2.2. Security bugs
> >   The developer should comment, but ONLY members of the security
> > team should:
> >   - change whiteboard
> >   - add/remove arches
> 
>  As security may be grateful for any kind of help, those two actions
> is often done by the maintainers.
> 

We are indeed grateful for help, but we require people who change
things there to know what they are doing.

I understand that we're slow at times, but we regularly have to revisit
a bug because there was a change, but it wasn't done right. 
That's no help. Instead, it's creating more work (and frustration).

There is a specific guideline on how we handle our bugs, and we request
people who change bugs assigned to our team to follow them or to stay
away.

So, as for the guide, it should link to the vulnerability policy as
well include a note with the contents of the previous paragraph.

-- 
Alex Legler | Gentoo Security / Ruby
a3li@gentoo.org | a3li@jabber.ccc.de