Describe the bug reporting process in more detail
For vulnerability reporters who are newcomers to online bug tracking systems, a little additional instruction on filing security bugs can help reduce mistakes and requests for assistance with the process. Change-Id: I2d40b2aec377c63b0f50796abd406fa21265071f
This commit is contained in:
parent
85a22e290e
commit
87fc1224d8
|
@ -44,8 +44,12 @@ How to Report Security Issues to OpenStack
|
|||
We provide two ways to report issues to the OpenStack Vulnerability Management
|
||||
Team depending on how sensitive the issue is:
|
||||
|
||||
* Open a bug in Launchpad and mark it as a 'security bug'. This will make the
|
||||
bug Private and only accessible to the Vulnerability Management Team.
|
||||
* Search for the corresponding project at https://launchpad.net/ and after
|
||||
selecting it, click the 'Report a bug' link at the right. Fill in the
|
||||
'Summary' and 'Further information' fields describing the issue, then
|
||||
click the 'This bug is a security vulnerability' checkbox near the bottom
|
||||
of the page before submitting it. This will make the bug Private and only
|
||||
accessible to the Vulnerability Management Team.
|
||||
|
||||
* If the issue is extremely sensitive, please send an encrypted email to one
|
||||
of the Team's members. Their GPG keys can be found below, and are also
|
||||
|
|
Loading…
Reference in New Issue