On Wed, Jul 29, 2009 at 4:59 AM, Till Maas<opensource@xxxxxxxxx> wrote: > According to the Bugzilla docs, only people that are already on the CC > list can access restricted bugs, and this can also be disabled: Correct - but everyone that has watchbugzilla is put on the CC list when the bug is created. Therefore, if I create a new security bug tomorrow, and Joe Random has watchbugzilla and is therefore on the CC list, he'll be able to see that bug. Yes, there is a box you can uncheck to disable this - however it's not desirable. The security team, for instance, is on the CC list, as well as any legitimate co-maintainers. The security team adds people to the CC in order to allow them to see the bug prior to it becoming public, also - so it breaks actual workflow that works today. Not a good idea, IMO. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
