Describe the bug reporting process in more detail

For vulnerability reporters who are newcomers to online bug tracking systems, a little additional instruction on filing security bugs can help reduce mistakes and requests for assistance with the process. Change-Id: I2d40b2aec377c63b0f50796abd406fa21265071f
2015-04-23 23:57:51 +00:00 · 2015-04-23 23:57:51 +00:00 · 87fc1224d8
parent 85a22e290e
commit 87fc1224d8
1 changed files with 6 additions and 2 deletions
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@ -44,8 +44,12 @@ How to Report Security Issues to OpenStack
 We provide two ways to report issues to the OpenStack Vulnerability Management
 Team depending on how sensitive the issue is:

-* Open a bug in Launchpad and mark it as a 'security bug'. This will make the
-  bug Private and only accessible to the Vulnerability Management Team.
+* Search for the corresponding project at https://launchpad.net/ and after
+  selecting it, click the 'Report a bug' link at the right. Fill in the
+  'Summary' and 'Further information' fields describing the issue, then
+  click the 'This bug is a security vulnerability' checkbox near the bottom
+  of the page before submitting it. This will make the bug Private and only
+  accessible to the Vulnerability Management Team.

 * If the issue is extremely sensitive, please send an encrypted email to one
  of the Team's members. Their GPG keys can be found below, and are also