jaapmarcus
commented
2 years ago How ever it should be remain possible to allow the maintainer to have an public available comment possibility
Open ysf opened 2 years ago
jaapmarcus
commented
2 years ago How ever it should be remain possible to allow the maintainer to have an public available comment possibility
ysf
commented
2 years ago Sure, but if maintaiers have a comment it should be reflected/added in the report.
I think after a report has been published, the back & forth comments should not be viewable to the externs. If there is something important in there, it should be mentioned in the report itself. The only interesting thing is the timeline. From where it has been disclosed to when it was fixed & published. As in the other disclose processes, i.e. private mails or internal mailing lists, I think this should stay private.