Re: automatically grant watchbugzilla and watchcommits?


 



Johan Cwiklinski wrote:
> Toshio Kuratomi wrote:
>> When I brought this up, Bastien Nocera brought up security bugs and not
>> wanting random people to be CC'd before a security bug is resolved.  How
>> should we deal with this?
>>
>> -Toshio
>>
>>   
> Hi,
> 
> Isn't it the work of bugzilla to send security issue mails to only a
> restricted group?
> As we cannot see these bugs in the bugzilla, I think it should not send
> us mail also... But I do not know if bugzilla permits this or not.
> 
AFAIK, bugzilla will send the security mail/allow people to see the
security bug if they are explicitly CC'd on the bug.

You are explicitly CC'd on the bug if you are given the watchbugzilla
acl in pkgdb.

> For the commits, I really do not know, but once committed, any packager
> can get the sources, that would be a "minor" issue, the security hole
> would be resolved at this time, and should come into the repositories
> quickly.
> 
<nod>  I'd like this to be consistent with the watchbugzilla acls if
possible but perhaps having watchcommits be autoapprove but not
watchbugzilla is the way to go.

> Another possibility would be to not allow automatic approval for such
> packages, maybe with an option in the interface, and let the maintainer
> choose if he wants to allow that for his package or not?

It's a possibility but I don't think it's a good one.  Are we trying to
address a maintainer's concerns with such an option or are we trying to
keep security bugs private until the fix can be released?  If the latter
is the goal, making this settable per package is the wrong thing to do.

-Toshio


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
