>> Bite the bullet and at least make all CC'd people able to see all
>> patches, always. It's needed.
>
>Yeah, that's the direction I think we should take.
Good, thanks.
>For now, we will implement exact syncing of the CC list + reporter as the
>revision's subscriber list. This means that anyon
On Saturday, 26 August 2017 00:40:08 UTC-4, Randell Jesup wrote:
> >And don't forget reporter and assignees. Occasionally a reporter not in the
> >security group will notice that a patch is insufficient which is nicer to
> >find before the patch is committed than after the commit link is added to
>On Wed, Aug 9, 2017 at 11:32 AM, Mark Côté wrote:
>
>> I actually like Gijs's proposal, to mirror *from* Phabricator *to* BMO.
>> That way, if you're looking at the bug and want to pull someone in, you CC
>> them; if you're looking at the fix and want to involve someone, you add
>> them as a subs
Having both reported, fixed and reviewed security bugs, I feel an
uni-directional sync from Phabricator to BMO is not going to cut it. I
think it will be unexpected for most users and might just lead to
additional "why can I not see the patch" bug comments.
I understand that it's more work, but I
On Wed, Aug 9, 2017 at 11:32 AM, Mark Côté wrote:
> I actually like Gijs's proposal, to mirror *from* Phabricator *to* BMO.
> That way, if you're looking at the bug and want to pull someone in, you CC
> them; if you're looking at the fix and want to involve someone, you add
> them as a subscriber
For brevity and clarity I'm just replying to Dan here, but I am attempting to
address other points raised so far in this thread.
On Wednesday, 9 August 2017 13:07:08 UTC-4, Daniel Veditz wrote:
> On Tue, Aug 8, 2017 at 5:30 PM, Mark Côté wrote:
>
> > I am not sure how often CCed users are invo
On Tue, Aug 8, 2017 at 5:30 PM, Mark Côté wrote:
> I am not sure how often CCed users are involved with confidential bugs'
> patches
> [
> ] Anecdotally I have been told that a lot of the time users are CCed
> just to be informed of the problem, e.g. a manager might want to be aware
> of a
On Wed, Aug 9, 2017 at 12:20 AM, Axel Hecht wrote:
> I think we should strive to have as few people as possible with general
> access to security bugs.
We do. We've reduced the number of people with access, and split the
"client" security group into ~10 sub groups so that any given person has
On Tue, Aug 8, 2017 at 11:38 PM, Nicolas B. Pierron <
nicolas.b.pier...@mozilla.com> wrote:
> However, users outside of the security group(s) can see confidential bugs
>> if they are involved with them in some way. Frequently the CC field is
>> used as a way to include outsiders in a bug.
>
>
> N
On 08/08/2017 08:30 PM, Mark Côté wrote:
First I want to double check that this is truly useful. I am not sure how
often CCed users are involved with confidential bugs' patches (I might be able
to ballpark this with some Bugzilla searches, but I don't think it would be
easy to get a straight
On 09/08/2017 01:30, Mark Côté wrote:
If you have any thoughts on this, please reply. I'll answer any questions and
summarize the feedback with a decision in a few days. Note that we can, of
course, try a simple approach to start, and add in more complex functionality
after an evaluation per
s a bit on the additional private-attachment thing that Nicolas
mentioned.
Axel
Am 09.08.17 um 02:30 schrieb Mark Côté:
(Cross-posted to mozilla.tools)
Hi, I have an update and a request for comments regarding Phabricator and
confidential reviews.
We've completed the functionality around l
On 08/09/2017 12:30 AM, Mark Côté wrote:
Hi, I have an update and a request for comments regarding Phabricator and
confidential reviews.
First of all, thanks for considering confidential bugs as part of this
process. This was my main reason for not using moz-review.
We've complete
(Cross-posted to mozilla.tools)
Hi, I have an update and a request for comments regarding Phabricator and
confidential reviews.
We've completed the functionality around limiting access to Differential
revisions (i.e. code reviews) that are tied to confidential bugs. To recap the
ori
14 matches
Mail list logo
