On 07/29/2009 08:20 AM, Till Maas wrote: > On Wed, Jul 29, 2009 at 07:12:00AM -0700, Toshio Kuratomi wrote: >> On 07/29/2009 07:05 AM, Till Maas wrote: >>> On Wed, Jul 29, 2009 at 06:30:27AM -0700, Toshio Kuratomi wrote: >>> >>>> Is the same thing true of watching a person? till, I'm now watching >>>> till-opensource.name, if you want to open a new security bug and see if >>>> I get CC'd. >>> >>> I created https://bugzilla.redhat.com/show_bug.cgi?id=514518 >>> According to bugzilla, you did not receive any mails, but only security-response-team@ rh.. >>> >> Confirmed. >> >> So autoapproving watchbugzilla would open up security bugs in a way that >> watching a person does not. > > According to Tomas Hoger, who replied to the bug, creating a security > sensitive bug also skips initialccs, therefore there seems to be no > security issue at all with autoapproving watchbugzilla in reality > afaics. I also oberserved that I was not added to the CC list of the > bug, which would be the default beheaviour. > Okay, please test this with a package that has people on the initial CC list so we've tested precisely the behaviour people are concerned about. If the initialcclist is not set when a security bug comes in I don't think there's a reason we shouldn't auto-approve watchbugzilla in pkgdb. -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
