On Tue October 14 2008, Behdad Esfahbod wrote: > > On Sun, Oct 12, 2008 at 10:00:25AM -0700, Toshio Kuratomi wrote: > >> When I brought this up, Bastien Nocera brought up security bugs and not > >> wanting random people to be CC'd before a security bug is resolved. How > >> should we deal with this? > > I think the correct way to deal with this is that watchbugzilla should not > automatically CC user to bugs for the component, but instead modify the > user's bugzilla account to watch some special address like, eg for package > pango, pango-bugs@xxxxxxxxxxxx And the product pango changed to have > pango-bugs@xxxxxxxxxxx as default assignee or Q/A contact. This way we > avoid the security problem issue, as well as those inbox-filling mass > changes to remove people from CC lists or to change default assignee of the > product. I do still not understand what the issue is and how this would resolve it, e.g. if nobody who watches pango-bugs gets informed about security bugs, how will the maintainer of the package get informed? Nevertheless your proposal would fix the other issues you described. I would only change to add pango-bugs to both the assignee and CC, to make sure everyone stays in the loop, once the package is assigned to some individual. Oh, but there is also a problem about your proposal. Afaik in this case, the bugs do not appear on the Bugzilla Frontpage and/or the "My Bugs" search. Can it made sure, that they do? Regards, Till
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
