On Fri, Oct 26, 2007 at 06:26:11PM +0100, Bastien Nocera wrote: > The only problem I could see, is if the bugs filed are security > bugs/sensitive bugs, people adding themselves on the CC: would basically > get access to all those. Probably more a problem on the bugzilla-end > though. Indeed - but how often are Fedora security bugs first notified via bugzilla with the "Security Sensitive" box ticked? Perhaps sensitive packages or ones with frequent security problems could just opt out of the "anyone may be a cc" arrangement until a better workflow through bugzilla is found. (One change might be to not allow the cc list access by default on a bug in the security sensitive group, requiring either a member of that group or the default bug owner to clean up the cc list before allowing the cc list access to the bug.) If the maintainer raises the bug, then they can already easily restrict access - open the bug without any information in it, then restrict it as required, then add the details. Alasdair -- agk@xxxxxxxxxx -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
