[RFE] Auto-approve watchcommits and watchbugzilla in Pkgdb (2nd try)
jonstanley at gmail.com
Wed Jul 29 12:00:23 UTC 2009
On Wed, Jul 29, 2009 at 4:59 AM, Till Maas<opensource at till.name> wrote:
> According to the Bugzilla docs, only people that are already on the CC
> list can access restricted bugs, and this can also be disabled:
Correct - but everyone that has watchbugzilla is put on the CC list
when the bug is created. Therefore, if I create a new security bug
tomorrow, and Joe Random has watchbugzilla and is therefore on the CC
list, he'll be able to see that bug.
Yes, there is a box you can uncheck to disable this - however it's not
desirable. The security team, for instance, is on the CC list, as well
as any legitimate co-maintainers. The security team adds people to
the CC in order to allow them to see the bug prior to it becoming
public, also - so it breaks actual workflow that works today.
Not a good idea, IMO.
More information about the devel