On Mar 6, 2013, at 1:40 PM, Tomasz W. Kozłowski odder.wiki@gmail.com wrote:
I can't see why a Bugzilla administrator would be required to sign an NDA -- is there anything secret when it comes to bugs in a GPL-licenced software?
Well. These security bugs are zero-day exploits and often contain patches or other juicy tidbits that will allow hostile individuals to attack sites running vulnerable versions of MediaWiki - including our own cluster - until the hole is closed.
So yes. There's a need for an NDA there.
--- Brandon Harris, Senior Designer, Wikimedia Foundation
Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate