Re-working group security
- From: Max Kanat-Alexander <mkanat bugzilla org>
- To: gnome-bugsquad gnome org
- Subject: Re-working group security
- Date: Mon, 17 Aug 2009 15:22:28 -0700
Hey folks. You may notice that every bug seems to have three groups
available now that you can secure it to (well, maybe two if you're only
a developer, but three if you're a Bugzilla admin):
* Bugzilla Maintainers.
* The Product's developers group.
* The "hackers" group.
The "hackers" group is itself now pretty much obsolete--there is a
"developers" group that is inherited by anybody in any product-specific
"developers" group.
I'd like to propose that we delete the "hackers" group, and any bugs
currently assigned to it be re-assigned to the product-specific
"developers" group for the product the bug is in, which is a more
appropriate handling for security issues anyhow. (There are only 29 bugs
that we'd have to move.)
That sound OK?
After that, we may want to discuss how to adapt Bugzilla to be more
appropriate for storing security and tracking issues for GNOME. I talked
to Owen a bit about this, and he mentioned that currently security
issues are reported by sending an email to security gnome org, but this
seems somewhat error-prone and hard to track as a developer, and doesn't
give you all the facilities of Bugzilla. Perhaps we should just auto-CC
"security gnome org" on any bug filed with a restriction to a security
group, and make it easier to file security bugs with an improved UI for it.
-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
