On Tue October 14 2008, Behdad Esfahbod wrote: > Till Maas wrote: > > On Tue October 14 2008, Behdad Esfahbod wrote: > >>> On Sun, Oct 12, 2008 at 10:00:25AM -0700, Toshio Kuratomi wrote: > >>>> When I brought this up, Bastien Nocera brought up security bugs and > >>>> not wanting random people to be CC'd before a security bug is > >>>> resolved. How should we deal with this? > >> > >> I think the correct way to deal with this is that watchbugzilla should > >> not automatically CC user to bugs for the component, but instead modify > >> the user's bugzilla account to watch some special address like, eg for > >> package pango, pango-bugs@xxxxxxxxxxxx And the product pango changed to > >> have pango-bugs@xxxxxxxxxxx as default assignee or Q/A contact. This > >> way we avoid the security problem issue, as well as those inbox-filling > >> mass changes to remove people from CC lists or to change default > >> assignee of the product. > > > > I do still not understand what the issue is and how this would resolve > > it, e.g. if nobody who watches pango-bugs gets informed about security > > bugs, how will the maintainer of the package get informed? > > You're right. So maybe only use the alias for Q/A and let the default > assignee be the maintainer(s). I guess it cannot be really solved without someone providing the actual security concerns and scenarios where they apply. The bug report about this does also not provide any information about this: https://fedorahosted.org/packagedb/ticket/66 > > Nevertheless your proposal would fix the other issues you described. I > > would only change to add pango-bugs to both the assignee and CC, to make > > sure everyone stays in the loop, once the package is assigned to some > > individual. > > > > Oh, but there is also a problem about your proposal. Afaik in this case, > > the bugs do not appear on the Bugzilla Frontpage and/or the "My Bugs" > > search. Can it made sure, that they do? > > I thought "My Bugs" only shows bugs I opened or the ones assigned to me, > not all bugs I'm CC'ed on? This is true for "My Frontpage", but the "My Bugs" query also shows every bug, where one is CC'ed. Regards, Till
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
