On Wed, 2009-07-29 at 07:12 -0700, Toshio Kuratomi wrote: > On 07/29/2009 07:05 AM, Till Maas wrote: > > On Wed, Jul 29, 2009 at 06:30:27AM -0700, Toshio Kuratomi wrote: > > > >> Is the same thing true of watching a person? till, I'm now watching > >> till-opensource.name, if you want to open a new security bug and see if > >> I get CC'd. > > > > I created https://bugzilla.redhat.com/show_bug.cgi?id=514518 > > According to bugzilla, you did not receive any mails, but only security-response-team@ rh.. > > > Confirmed. > > So autoapproving watchbugzilla would open up security bugs in a way that > watching a person does not. Why are we not just treating this as a bug? If the privacy model is that non-privileged people should not be notified about security bugs, then non-privileged people not be notified about security bugs, no matter whether they're using watchbugzilla or watchcommits or anything else. Relying on manual filtering by not auto-approving watch requests does not smell like the right 'fix' to me - humans are fallible, after all. Shouldn't we just treat this as a bug in Bugzilla, report it, and get it fixed? -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
