On 17/11/09 11:47 +0100, Mathias Behrle wrote: > * Betr.: " [tryton] Re: New mailling lists for dev and security" (Mon, 16 Nov > 2009 23:41:38 +0100): > > > We can not accept everybody on this mailing list because this mailing list > > is > > for security developers that will fix reported issues and the major > > difficulty > > is that the information must be kept secret until fix exist and is applied > > on > > all series. So we must keep the number of people aware as tiny as possible. > > So we need to have a possibility for users to put issues on the tracker, that > are hidden to the public (and perhaps forwarded to tryton-security). I think, > this should be done on issues with type security. > > BTW: https://bugs.tryton.org/roundup/issue1295 is not of type security for me. > > > And we need indeed better descriptions of the related purposes, as well on the > website as on the groups. >
I have tried an update of schema.py of roundup to have this feature.
So this works like this:
Issue of type 'security' can only be viewed/edited:
- by creator
- by nosy list
- by assigned to
- by user that has the "Security" role
When the issue reaches on of the states 'resolved', 'closed' or 'invalid',
everybody can view it.
It is the same for message and file.
Does this behavior ok? If so I will applied it to the current roundup.
--
Cédric Krier
B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email: [email protected]
Jabber: [email protected]
Website: http://www.b2ck.com/
twitter: http://twitter.com/cedrickrier
identi.ca: http://identi.ca/cedrickrier
pgpF0sOyKeP5H.pgp
Description: PGP signature
