Talk:Reporting security bugs

Redundancy
This page partly duplicates Security and is less discoverable. Can the two be merged or coordinated in some way, please? --Nemo 12:05, 31 January 2017 (UTC)

When should a bug be reported as a security issue?
Sometimes, I find a bug and I don't really know if it should be considered as a security issue or not. It would be useful to have some criteria on this page.

To give examples: I didn't report T33656, T45137, T102063 and T150796 as security bugs. The last one was marked marked as a security bug afterwards. Should I have reported the others as such?

Of course, I could just mark bugs as security when I'm not sure and let the security team decide. But the resources to fix those issues seem limited (since only a small number of people can see them), so I don't want to needlessly do it.

Orlodrim (talk) 22:05, 23 May 2019 (UTC)