[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Autoapprove watch* acls in the pkgdb



On Fri, Oct 26, 2007 at 06:26:11PM +0100, Bastien Nocera wrote:
> The only problem I could see, is if the bugs filed are security
> bugs/sensitive bugs, people adding themselves on the CC: would basically
> get access to all those. Probably more a problem on the bugzilla-end
> though.

Indeed - but how often are Fedora security bugs first notified via bugzilla
with the "Security Sensitive" box ticked?

Perhaps sensitive packages or ones with frequent security problems could just
opt out of the "anyone may be a cc" arrangement until a better workflow
through bugzilla is found.  (One change might be to not allow the cc list
access by default on a bug in the security sensitive group, requiring either
a member of that group or the default bug owner to clean up the cc list
before allowing the cc list access to the bug.)

If the maintainer raises the bug, then they can already easily restrict access
- open the bug without any information in it, then restrict it as required,
then add the details.

Alasdair
-- 
agk redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]