Hey folks. You may notice that every bug seems to have three groups
available now that you can secure it to (well, maybe two if you're only
a developer, but three if you're a Bugzilla admin):
* Bugzilla Maintainers.
* The Product's developers group.
* The "hackers" group.
The "hackers" group is itself now pretty much obsolete--there is a
"developers" group that is inherited by anybody in any product-specific
"developers" group.
I'd like to propose that we delete the "hackers" group, and any bugs
currently assigned to it be re-assigned to the product-specific
"developers" group for the product the bug is in, which is a more
appropriate handling for security issues anyhow. (There are only 29 bugs
that we'd have to move.)
That sound OK?
After that, we may want to discuss how to adapt Bugzilla to be more
appropriate for storing security and tracking issues for GNOME. I talked
to Owen a bit about this, and he mentioned that currently security
issues are reported by sending an email to [email protected], but this
seems somewhat error-prone and hard to track as a developer, and doesn't
give you all the facilities of Bugzilla. Perhaps we should just auto-CC
"[email protected]" on any bug filed with a restriction to a security
group, and make it easier to file security bugs with an improved UI for it.
-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.
_______________________________________________
Gnome-bugsquad mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/gnome-bugsquad
