Closed Bug 964451 Opened 10 years ago Closed 10 years ago

Access to security bug denied to me

Categories

(mozilla.org :: Governance, task)

Product:
mozilla.org
Component:
Governance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: BenB, Assigned: dveditz)

Details

I'm a founding member of the security group and need access to all Mozilla security bugs, without exception. Bug 700979 is supposedly a Thunderbird security bug, but I am denied access. Please ensure that I can access all security bugs.

Thank you.

(A critical part of my role is to ensure good government of security bugs, which requires that I see everything without exception.)

(FWIW, once granted access, I will remove the embargo on that particular bug, because it was publicly reported about by a news site.)
You really haven't read your s-g mail lately, then have you? Bugs are getting restricted to sub groups that actually need access to them. See https://securitywiki.mozilla.org/Client_Security_Teams. Specifically, bug 700979 falls under the mail security team.

I've unhidden the bug, but marking this WFM, as the reason for you not accessing the bug is fine.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Hey reed, I've read discussions about it, and I can see the rational behind it, but I have consistently asked to be given access to all of the groups. It's important that there is oversight from people outside the Mozilla employees, to ensure that mozilla.org treats these security bugs properly - both procedurally and quantitatively. One important purpose for my membership - since the very beginning - is exactly that.

I think I have earned this trust, too. I've been there since the very creation of this security group, and the formulation of its guiding principles.

I can only fulfill this role when granted access to all bugs.

I've assigned this to dveditz, because a) he's the head of security and b) I believe that he understands where I am coming from.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Status: REOPENED → ASSIGNED
Based on https://securitywiki.mozilla.org/Client_Security_Teams , it seems like the "Client Security Triage Team" seems like the right bucket to me.
FWIW, I rigorously manage my client security, much more even than most developers.
We don't track this stuff in Bugzilla. If you have an issue, e-mail dveditz directly.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → INVALID
I seem to have access to Security-Core again, e.g. to bug 1012694. Thanks a lot! This is a big relieve for me.
Resolution: INVALID → FIXED
You need to log in before you can comment on or make changes to this bug.