Definition of a security bug
In Bugzilla we define security bugs as having both of the following:
- Classification is Client Software OR Components
- Keywords contain sec- OR Group contains core-security
Bugzilla searches
Firefox OS 2.2
Sec-Fixed-Since B2G 2.1
This search contains all security bugs set to fixed after 2014-11-22 (after 2.1 went code complete). It is meant to define the superset of bugs relevant for the 2.2 release.
TODO: Should this list also contain affected and verified?
Sec-No-Status B2G 2.2
This search lists all security bugs fixed since 2.1 that lack a status-b2g-v2.2 classification.
It is the list that needs special scrutiny for detecting improper bug status for the 2.2 release.
Sec-Status-Requested B2G 2.2
This search lists all security bugs with status-b2g-v2.2 set to '?'. It is meant to signal that the developer was sent a NEEDINFO request to set the appropriate status-b2g-v2.2 but hasn't done so yet.
Sec-Affects B2G 2.2
This is the list of all security bugs that have status-b2g-v2.2 set to affected, verified or fixed. It is intended as a superset of the advisory candidates for the 2.2 release.
Sec-Advisory-Needed B2G 2.2
These are all security bugs confirmed to be affecting 2.2, but without an [adv-* tag on the whiteboard.
This list needs special scrutiny after we're confident that all security bugs have gotten a proper status-b2g-v2.2 classification.
TODO: list of whiteboard tags we use and their meaning
Sec-Has-Advisory B2G 2.2
These are all security bugs confirmed to be affecting 2.2 with [adv-* on the whiteboard, meaning that someone has already written an advisory.
This Bugzilla query is intended to be used for automatic generation of the advisory overview for the Firefox 2.2 release.
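The definition and the six lists above can be written as predicates over a bug record. The following is an added example, not one of the saved Bugzilla searches: the record keys (status_b2g_2_2, fixed_on and so on), the "---" value for an unset status, the sample bugs and the reading of "confirmed to be affecting 2.2" as membership in Sec-Affects are all assumptions.

```python
from datetime import date

CUTOFF = date(2014, 11, 22)              # 2.1 code complete, as stated on this page
AFFECTING = {"affected", "verified", "fixed"}
UNSET = {"", "---"}                      # assumption: how an unset status flag appears

def is_security_bug(bug):
    """Both conditions of the definition must hold."""
    in_scope = bug["classification"] in ("Client Software", "Components")
    flagged = (any("sec-" in k for k in bug["keywords"])
               or any("core-security" in g for g in bug["groups"]))
    return in_scope and flagged

def lists_for(bug):
    """Names of the 2.2 lists a bug record belongs to."""
    if not is_security_bug(bug):
        return set()
    names, status = set(), bug["status_b2g_2_2"]
    fixed_on = bug["fixed_on"]
    if bug["resolution"] == "FIXED" and fixed_on and fixed_on > CUTOFF:
        names.add("Sec-Fixed-Since")
        if status in UNSET:
            names.add("Sec-No-Status")
    if status == "?":
        names.add("Sec-Status-Requested")
    if status in AFFECTING:
        names.add("Sec-Affects")
        # Assumption: "confirmed to be affecting" means membership in Sec-Affects.
        has_adv = "[adv-" in bug["whiteboard"]
        names.add("Sec-Has-Advisory" if has_adv else "Sec-Advisory-Needed")
    return names

def make_bug(bug_id, classification, keywords, groups, resolution, fixed_on, status, whiteboard=""):
    return dict(id=bug_id, classification=classification, keywords=keywords, groups=groups,
                resolution=resolution, fixed_on=fixed_on, status_b2g_2_2=status,
                whiteboard=whiteboard)

# Constructed sample records (not real bugs); the whiteboard tag is a placeholder.
SAMPLE = [
    make_bug(1, "Components", ["sec-high"], [], "FIXED", date(2014, 12, 3), "---"),
    make_bug(2, "Client Software", [], ["core-security"], "FIXED", date(2015, 1, 10), "fixed", "[adv-example]"),
    make_bug(3, "Components", ["sec-moderate"], [], "", None, "affected"),
    make_bug(4, "Components", ["sec-low"], [], "", None, "?"),
    make_bug(5, "Other", ["sec-high"], [], "FIXED", date(2015, 1, 10), "---"),
    make_bug(6, "Components", ["sec-high"], [], "FIXED", date(2014, 11, 1), "---"),
]

def triage(bugs):
    return {b["id"]: sorted(lists_for(b)) for b in bugs}

if __name__ == "__main__":
    for bug_id, names in triage(SAMPLE).items():
        print(bug_id, ", ".join(names) or "(on no list)")
```

Bugs 5 and 6 land on no list: the first fails the classification half of the definition, the second was fixed before the cutoff and carries no 2.2 status.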