Bugzilla has an optional bug group facility which restricts access to products to certain individuals. The milestone document that is related to a product should also have access to it restricted by the bug groups mechanism, for installations where visibility of information is important.
The milestone documents can be put wherever you want them, and as they are most-likely static files, it is impossible for Bugzilla to impose any restrictions on them (we don't supply anything but a space to put a URL pointing to them, and they may or may not even be on the same server with Bugzilla). That would be up to you to make sure they're in a secure location where only those who can see them will. moving to documentation as this is something that probably should be pointed out in the docs. timeless says in IRC: "we should recommend that the milestone URL for protected products should point at an attachment to a bug which is in that product, which would then give it the same protection" That solution would work well. Upload your milestone document as an attachment to a bug in that product, then point the milstone URL for that product at the URL to view the attachment.
Assignee: justdave → barnboy
Component: Administration → Documentation
Target Milestone: --- → Bugzilla 2.16
Y'know, I'd started off thinking that the best way to do this was to have a stub cgi program to check permissions and then use the templating system to serve up the actual milestone page, bringing it under bugzilla's control (or at least giving the option). But I actually prefer your solution: it works with the system we have already, and we get an audit trail and simple revision control into the bargain. Perhaps the only downside is that you need editcomponents privileges to update the link, but that's not all that serious.
We are currently trying to wrap up Bugzilla 2.16. We are now close enough to release time that anything that wasn't already ranked at P1 isn't going to make the cut. Thus this is being retargetted at 2.18. If you strongly disagree with this retargetting, please comment, however, be aware that we only have about 2 weeks left to review and test anything at this point, and we intend to devote this time to the remaining bugs that were designated as release blockers.
Target Milestone: Bugzilla 2.16 → Bugzilla 2.18
The docs should always be up-to-date when we release. Forgot to exclude Documentation when I mass-retargetted.
Target Milestone: Bugzilla 2.18 → Bugzilla 2.16
Barnboy changed his email address and opened a new account instead of having the address changed on his existing one. Reassigning all docs bugs to his new account.
Assignee: barnboy → mbarnson
I've put this tip in the Milestone Admin section. Gerv
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.