Differentiate between fixing a report and making it public.

Open ysf opened this issue 3 years ago • 2 comments

In the current version of huntr.dev a report goes public when a maintainer assigns a fix to an issue. I think it'll be better to differentiate between fixing a flaw and publishing it.

  1. It'll be similar to the original CVE process and general public disclosure policy
  2. Coordination in a bug across multiple projects is easier to handle
  3. Maintainers can assign a fix asap and don't have to hold it back until they made a new release.

ysf avatar Mar 07 '22 09:03 ysf

See also #2143

But agree waited 2 weeks ago an "low" impact bug report that was fixed but we had to delay the release ...

jaapmarcus avatar Mar 07 '22 09:03 jaapmarcus

Big agreement, I'm waiting on marking reports as fixed that have been to avoid them going public immediately now. But in return that's going to ding my maintainer stats.

tommoor avatar Jul 09 '22 11:07 tommoor

Hi everyone! We now have a separate publish state for reports :)

psmoros avatar Nov 01 '22 22:11 psmoros