The mailing list for security vulnerabilities is private, in order to keep zero days a secret before they are patched. This is the issue, not the mailing list. Moving away from mailing lists wouldn’t solve this because the vulnerabilities would still have to be private.
@robbo @cm0002 That would be only the form. The amount of tasks to process would not change. His mailing software has very likely a tree view or so.
It would make it easier for people to find if a bug has already been reported, which is what Torvalds mentions as being a problem.
The mailing list for security vulnerabilities is private, in order to keep zero days a secret before they are patched. This is the issue, not the mailing list. Moving away from mailing lists wouldn’t solve this because the vulnerabilities would still have to be private.
@qaz That is right! Looks they need a bugtracker, ideally a bugtracker integrated with the mailing list.
Well, they already use Bugzilla. Although I personally do not find it particularly intuitive to use.