On Wed, Aug 9, 2017 at 12:20 AM, Axel Hecht <l...@mozilla.com> wrote:

> I think we should strive to have as few people as possible with general
> access to security bugs.

​We do. We've reduced the number of people with access, and split the
"client" security group into ~10 sub groups so that any given person has
access to a smaller subset of security bugs that are more likely to be
relevant to them.

So, in that sense, I think we should make this a general assumption, that
> the folks writing patches and doing reviews are not in group of the bug.

​would get little done if we couldn't CC people to give them access. Many
of those people are crucial to the production of the patch itself (as the
author or reviewer) and will need access to the Phabricator version.

​Dan Veditz​
dev-platform mailing list

Reply via email to