[RFE] Auto-approve watchcommits and watchbugzilla in Pkgdb (2nd try)

Toshio Kuratomi a.badger at gmail.com
Wed Jul 29 15:37:27 UTC 2009


On 07/29/2009 08:20 AM, Till Maas wrote:
> On Wed, Jul 29, 2009 at 07:12:00AM -0700, Toshio Kuratomi wrote:
>> On 07/29/2009 07:05 AM, Till Maas wrote:
>>> On Wed, Jul 29, 2009 at 06:30:27AM -0700, Toshio Kuratomi wrote:
>>>
>>>> Is the same thing true of watching a person?  till, I'm now watching
>>>> till-opensource.name, if you want to open a new security bug and see if
>>>> I get CC'd.
>>>
>>> I created https://bugzilla.redhat.com/show_bug.cgi?id=514518
>>> According to bugzilla, you did not receive any mails, but only security-response-team@ rh..
>>>
>> Confirmed.
>>
>> So autoapproving watchbugzilla would open up security bugs in a way that
>> watching a person does not.
> 
> According to Tomas Hoger, who replied to the bug, creating a security
> sensitive bug also skips initialccs, therefore there seems to be no
> security issue at all with autoapproving watchbugzilla in reality
> afaics. I also oberserved that I was not added to the CC list of the
> bug, which would be the default beheaviour.
> 
Okay, please test this with a package that has people on the initial CC
list so we've tested precisely the behaviour people are concerned about.

If the initialcclist is not set when a security bug comes in I don't
think there's a reason we shouldn't auto-approve watchbugzilla in pkgdb.

-Toshio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20090729/e21bd96b/attachment.bin 


More information about the devel mailing list