Re: [RFE] Auto-approve watchcommits and watchbugzilla in Pkgdb (2nd try)

[Adam Williamson <awilliam redhat com>]

On Wed, 2009-07-29 at 07:12 -0700, Toshio Kuratomi wrote:
> On 07/29/2009 07:05 AM, Till Maas wrote:
> > On Wed, Jul 29, 2009 at 06:30:27AM -0700, Toshio Kuratomi wrote:
> > 
> >> Is the same thing true of watching a person?  till, I'm now watching
> >> till-opensource.name, if you want to open a new security bug and see if
> >> I get CC'd.
> > 
> > I created https://bugzilla.redhat.com/show_bug.cgi?id=514518
> > According to bugzilla, you did not receive any mails, but only security-response-team@ rh..
> > 
> Confirmed.
> 
> So autoapproving watchbugzilla would open up security bugs in a way that
> watching a person does not.

Why are we not just treating this as a bug? If the privacy model is that
non-privileged people should not be notified about security bugs, then
non-privileged people not be notified about security bugs, no matter
whether they're using watchbugzilla or watchcommits or anything else.
Relying on manual filtering by not auto-approving watch requests does
not smell like the right 'fix' to me - humans are fallible, after all.
Shouldn't we just treat this as a bug in Bugzilla, report it, and get it
fixed?

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net