Re: Private Bugzilla bugs

On 10/21/2016 09:16 PM, Michael Catanzaro wrote:
> On Fri, 2016-10-21 at 20:56 +0200, Florian Weimer wrote:
> > Bugzilla is specifically not designed for keeping sensitive stuff
>
> Really? Every Bugzilla that I regularly work with (GNOME, WebKit, Red
> Hat) has this feature.

They have private bug reports, attachments, and maybe comments. But there is no encryption (admittedly, it's difficult to do this in a useful way). A single SQL injection vulnerability likely gives you access to everything. Same for cross-site scripting or cross-site request forgery vulnerabilities, assuming you can get a sufficiently empowered user to view something that triggers this. Then there is the thorny question of who gets access to private Fedora bugs. And so on.

I'm not saying that Bugzilla's features for private bits are completely unusable. But I strongly believe that what we do today is not what users expect when we tell them we keep private the data they submit.

Florian
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
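The point above about a single SQL injection exposing every private bug comes down to where the visibility rule lives. The following is an added illustration, not Bugzilla's code or schema: a toy tracker with a "private bug" group rule enforced inside the application's WHERE clause, a search that concatenates the user's term into the query, and the same search parameterised. The tables, user ids, group id 7 and bug summaries are constructed for the demo.

```python
"""Added example (not Bugzilla code): application-level "private bug"
filtering collapses under SQL injection, because the injected query runs
with the application's own database privileges, which see every row.

Schema, users, groups and bug titles below are constructed for this demo.
Standard library only (sqlite3), runs offline.
"""
import sqlite3

# Constructed sample data: two public bugs and one restricted to group 7.
SCHEMA = """
CREATE TABLE bugs (
    id       INTEGER PRIMARY KEY,
    summary  TEXT NOT NULL,
    group_id INTEGER            -- NULL = public, otherwise restricted to that group
);
CREATE TABLE user_group_map (
    user_id  INTEGER NOT NULL,
    group_id INTEGER NOT NULL
);
INSERT INTO bugs VALUES (1, 'Crash on startup', NULL);
INSERT INTO bugs VALUES (2, 'Typo in manual', NULL);
INSERT INTO bugs VALUES (3, 'Embargoed: heap overflow in parser', 7);
INSERT INTO user_group_map VALUES (100, 7);   -- hypothetical user 100 is in group 7
"""

# Visibility rule as the application expresses it: a bug is visible if it is
# public, or if the requesting user is a member of the bug's group.
VISIBLE = ("(bugs.group_id IS NULL OR bugs.group_id IN "
           "(SELECT group_id FROM user_group_map WHERE user_id = {uid}))")


def open_db():
    """Fresh in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_vulnerable(conn, user_id, term):
    """String-concatenated search. The term is spliced into the SQL text, so
    it can terminate the LIKE literal and comment out the visibility rule."""
    sql = ("SELECT id FROM bugs WHERE summary LIKE '%" + term + "%' AND "
           + VISIBLE.format(uid=int(user_id)))
    return sorted(row[0] for row in conn.execute(sql))


def search_safe(conn, user_id, term):
    """Parameterised search. The term is bound as data and can never be
    parsed as SQL, so the visibility rule always applies."""
    sql = ("SELECT id FROM bugs WHERE summary LIKE ? AND "
           + VISIBLE.format(uid=int(user_id)) + " ORDER BY id")
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# Classic payload: close the quoted literal, make the predicate always true,
# then comment out the rest of the statement (the group check included).
PAYLOAD = "' OR 1=1 --"


def demo():
    """Run both searches as an outsider (user 200, member of no group)."""
    conn = open_db()
    return {
        "outsider_honest_vuln": search_vulnerable(conn, 200, "parser"),  # []
        "insider_honest_vuln":  search_vulnerable(conn, 100, "parser"),  # [3]
        "outsider_payload_vuln": search_vulnerable(conn, 200, PAYLOAD),  # [1, 2, 3]
        "outsider_payload_safe": search_safe(conn, 200, PAYLOAD),        # []
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(f"{name:24s} -> {ids}")
```

The outsider with the payload sees bug 3 through the vulnerable search because the comment marker removes the group check, and the remaining query still runs under the application's single database account, which can read the private rows. Parameterisation closes this particular hole, but the structural observation in the mail stands: any row the application account can read, an injection through that application can read, and that includes the "private" ones.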