Talk:Reporting security bugs

From MediaWiki.org
Jump to navigation Jump to search

Redundancy[edit]

This page partly duplicates Security and is less discoverable. Can the two be merged or coordinated in some way, please? --Nemo 12:05, 31 January 2017 (UTC)

When should a bug be reported as a security issue?[edit]

Sometimes, I find a bug and I don't really know if it should be considered as a security issue or not. It would be useful to have some criteria on this page.

To give examples: I didn't report phab:T33656, phab:T45137, phab:T102063 and phab:T150796 as security bugs. The last one was marked marked as a security bug afterwards. Should I have reported the others as such?

Of course, I could just mark bugs as security when I'm not sure and let the security team decide. But the resources to fix those issues seem limited (since only a small number of people can see them), so I don't want to needlessly do it.

Orlodrim (talk) 22:05, 23 May 2019 (UTC)