[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFE] Auto-approve watchcommits and watchbugzilla in Pkgdb (2nd try)



On 07/29/2009 08:20 AM, Till Maas wrote:
> On Wed, Jul 29, 2009 at 07:12:00AM -0700, Toshio Kuratomi wrote:
>> On 07/29/2009 07:05 AM, Till Maas wrote:
>>> On Wed, Jul 29, 2009 at 06:30:27AM -0700, Toshio Kuratomi wrote:
>>>
>>>> Is the same thing true of watching a person?  till, I'm now watching
>>>> till-opensource.name, if you want to open a new security bug and see if
>>>> I get CC'd.
>>>
>>> I created https://bugzilla.redhat.com/show_bug.cgi?id=514518
>>> According to bugzilla, you did not receive any mails, but only security-response-team@ rh..
>>>
>> Confirmed.
>>
>> So autoapproving watchbugzilla would open up security bugs in a way that
>> watching a person does not.
> 
> According to Tomas Hoger, who replied to the bug, creating a security
> sensitive bug also skips initialccs, therefore there seems to be no
> security issue at all with autoapproving watchbugzilla in reality
> afaics. I also oberserved that I was not added to the CC list of the
> bug, which would be the default beheaviour.
> 
Okay, please test this with a package that has people on the initial CC
list so we've tested precisely the behaviour people are concerned about.

If the initialcclist is not set when a security bug comes in I don't
think there's a reason we shouldn't auto-approve watchbugzilla in pkgdb.

-Toshio

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]