Till Maas wrote: > On Tue October 14 2008, Behdad Esfahbod wrote: >>> On Sun, Oct 12, 2008 at 10:00:25AM -0700, Toshio Kuratomi wrote: >>>> When I brought this up, Bastien Nocera brought up security bugs and not >>>> wanting random people to be CC'd before a security bug is resolved. How >>>> should we deal with this? >> I think the correct way to deal with this is that watchbugzilla should not >> automatically CC user to bugs for the component, but instead modify the >> user's bugzilla account to watch some special address like, eg for package >> pango, pango-bugs@xxxxxxxxxxxx And the product pango changed to have >> pango-bugs@xxxxxxxxxxx as default assignee or Q/A contact. This way we >> avoid the security problem issue, as well as those inbox-filling mass >> changes to remove people from CC lists or to change default assignee of the >> product. > > I do still not understand what the issue is and how this would resolve it, > e.g. if nobody who watches pango-bugs gets informed about security bugs, how > will the maintainer of the package get informed? You're right. So maybe only use the alias for Q/A and let the default assignee be the maintainer(s). > Nevertheless your proposal would fix the other issues you described. I would > only change to add pango-bugs to both the assignee and CC, to make sure > everyone stays in the loop, once the package is assigned to some individual. > > Oh, but there is also a problem about your proposal. Afaik in this case, the > bugs do not appear on the Bugzilla Frontpage and/or the "My Bugs" search. Can > it made sure, that they do? I thought "My Bugs" only shows bugs I opened or the ones assigned to me, not all bugs I'm CC'ed on? behdad > Regards, > Till > -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
