https://bugzilla.wikimedia.org/show_bug.cgi?id=48836
--- Comment #7 from Thehelpfulone <[email protected]> --- (In reply to comment #6) > Members of the "admin" and "security" groups are automatically members of the > new "privatecomments" group, but people manually added to the > "privatecomments" > group (none so far, and no plans to do so) do not automatically gain access > to > tickets filed in the Security product. This is where I thought legal approval would be needed. As long as people aren't added to the privatecomments group without being a member of the admin or security group, there shouldn't be a legal issue. There are some bugs that are not in the Security product that have private comments so people in the "security" group would now be able to see these comments, but this is less of an issue to me. > In order to manually add people to the "privatecomments" group, a member of > either the "admin" or "editusers" group would be needed. And admins should be > trusted people anyway. I agree that admins are trusted, but if people are manually added to the "privatecomments" group then they may need to be approved by Legal for the reasons stated by Jarry above. Perhaps an email to admins letting them know that they shouldn't add people to this group without legal approval would be a good idea? -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
