Comment 5 for bug 1880947

Kashyap Chamarthy (kashyapc) wrote :

Emilien, I don't think this can be made public yet, since the embargo is set on the CVE number.

tl;dr: Post the revert as AN ATTACHMENT here; review it and get it pre-approved here. Then, once the embargo is lifted (this needs to be coordinated with Red Hat's Product Security team), it can be fast-tracked through Gerrit.

Per the process here (https://security.openstack.org/vmt-process.html):

On patch development:

[quote]
For a private report, the reporter (automatic if reported directly as a bug) and the affected projects’ core security review teams plus anyone they deem necessary to develop and validate a fix are added to the bug’s subscription list. A fix is proposed as a patch to the current master branch (as well as any affected supported branches) and attached to the private bug report, *not sent to the public code review system.*
[/quote]

And, on patch review:

[quote]
For a private report once the initial patch has been attached to the bug, core reviewers on the subscription list from the project in question should review it and suggest updates or pre-approve it for merging. Privately-developed patches need to be pre-approved so that they can be fast-tracked through public code review later at disclosure time.
[/quote]