[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFE] Auto-approve watchcommits and watchbugzilla in Pkgdb (2nd try)

On Wed, Jul 29, 2009 at 4:59 AM, Till Maas<opensource till name> wrote:

> According to the Bugzilla docs, only people that are already on the CC
> list can access restricted bugs, and this can also be disabled:

Correct - but everyone that has watchbugzilla is put on the CC list
when the bug is created.  Therefore, if I create a new security bug
tomorrow, and Joe Random has watchbugzilla and is therefore on the CC
list, he'll be able to see that bug.

Yes, there is a box you can uncheck to disable this - however it's not
desirable. The security team, for instance, is on the CC list, as well
as any legitimate co-maintainers.  The security team adds people to
the CC in order to allow them to see the bug prior to it becoming
public, also - so it breaks actual workflow that works today.

Not a good idea, IMO.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]