automatically grant watchbugzilla and watchcommits?

Johan Cwiklinski mailings at x-tnd.be
Sun Oct 12 17:50:07 UTC 2008


Toshio Kuratomi a écrit :
> Johan Cwiklinski wrote:
>   
>> Patrice Dumas a écrit :
>>     
>>> Hello,
>>>
>>> After some thinking, I really can't see why a packager wouldn't approve
>>> somebody asking for watchbugzilla or watchcommits. On the contrary,
>>> packagers should never be able to turn down people wanting to watch what
>>> is happening for a package. Everything is public in any case, it is just
>>> a convenience.
>>>
>>> What is your opinion?
>>>
>>> I will fill a bug if accepted.
>>>
>>> --
>>> Pat
>>>
>>>   
>>>       
>> Hello,
>>
>> I completely agree with Patrice :-)
>>
>>     
> When I brought this up, Bastien Nocera brought up security bugs and not
> wanting random people to be CC'd before a security bug is resolved.  How
> should we deal with this?
>
> -Toshio
>
>   
Hi,

Isn't it the work of bugzilla to send security issues mails to only a
restricted group ?
As we cannot see these bugs in the bugzilla, I think it should not send
us mail also... But I do not know if bugzilla permit this or not.

For the commits, I really do not know, but once commited, any packager
can get the sources, that would be a "minor" issue, the security whole
would be resolved at this time, and should come into the repositories
quickly.

Another possibility would be to not allow automatic approval for such
packages, maybe with an option  in the interface, and let the maintainer
choose if he wants to allow that for his package  or not ?

Regards,
Johan




More information about the fedora-devel-list mailing list