create a Bugzilla Security group

VERIFIED FIXED

Status

()

bugzilla.mozilla.org
General
VERIFIED FIXED
16 years ago
4 years ago

People

(Reporter: justdave, Assigned: Dawn Endico)

Tracking

Details

We've recently had a few security holes found in Bugzilla that are severe enough
that we don't want the public seeing them until the fix has been checked in and
is live on b.m.o.  These wound up getting placed in the Mozilla Security group,
and several Bugzilla people were CCed to the bugs with the cc_accessible bit set
so we could all see it.

This has proven to be a bit cumbersome, as the people placing the bug into the
security group don't always remember everyone's emails to add them to the CC
list, and it's not really appropriate to add Bugzilla folks to the Mozilla
security group.

If you can create the group and give me blessgroupset for it, I can take care of
adding the rest of the folks to it that should be in it.

Thanks.
Dave - to move this forward, you need to create a proposal for the creation of
the group, perhaps based on the Mozilla Security group proposal, and sent it to
staff@mozilla.org . It doesn't have to be as complex as that one - the Mozilla
version is a carefully-crafted compromise between a lot of conflicting views,
and I think what we are doing here is pretty sensible and obvious.

Gerv
sorry for the slow reply, I apparently missed the email with Gerv's comment in
it asking for action from me.

You're right, the Mozilla policy is completely overkill for what we intend to
use it for, however most of that policy is roughly the same as how we wanted to
use it.

I'll try to draft something tonight and mail it off.
*pokes stick at justdave*
Myk did this.

Gerv
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
verif fixed
Status: RESOLVED → VERIFIED
Component: Bugzilla: Other b.m.o Issues → General
Product: mozilla.org → bugzilla.mozilla.org
You need to log in before you can comment on or make changes to this bug.