Bugzilla SSL certificate expired

[deeglaze]

Safe browsing prohibits visiting the https://bugzilla.tianocore.org bug tracker due to CERT_DATE_INVALID.

[csosto-pk]

Since bugzilla is out of commission, should we wait for it come back or ask questions in git issues?

[deeglaze]

It looks like bugzilla issues have been migrated to github issues, but there are out-of-date instructions that still refer to bugzilla. Most importantly is for reporting security bugs

• https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-Issues
• https://github.com/tianocore/tianocore.github.io/wiki/GHSA-GitHub-Security-Advisories-Proceess

Security issues should be accessible ahead of the disclosure date to any UEFI forum member that has joined the infosec group.

https://uefi.org/security says

If you have information about a security issue or vulnerability with a product that may be due to its UEFI-based firmware, please send an e-mail to [email protected]. Encrypt sensitive information using our PGP public key.

But reporting-security-issues says

NOTE: Never send any details related to a security issue in email.

Probably this should say "unencrypted email" and link the same PGP key as on uefi.org.

[rcran-ampere]

It looks like the Bugzilla site has been decommissioned: I now get an error saying it can't be reached:

This site can’t be reached
bugzilla.tianocore.org’s server IP address could not be found.

[samerhaj]

UEFI/ACPI spec "code-first" ECRs process is now being switched to using Github. See: #84