We've recently had a few security holes found in Bugzilla that are severe enough that we don't want the public seeing them until the fix has been checked in and is live on b.m.o. These wound up getting placed in the Mozilla Security group, and several Bugzilla people were CCed to the bugs with the cc_accessible bit set so we could all see it. This has proven to be a bit cumbersome, as the people placing the bug into the security group don't always remember everyone's emails to add them to the CC list, and it's not really appropriate to add Bugzilla folks to the Mozilla security group. If you can create the group and give me blessgroupset for it, I can take care of adding the rest of the folks to it that should be in it. Thanks.
Dave - to move this forward, you need to create a proposal for the creation of the group, perhaps based on the Mozilla Security group proposal, and sent it to firstname.lastname@example.org . It doesn't have to be as complex as that one - the Mozilla version is a carefully-crafted compromise between a lot of conflicting views, and I think what we are doing here is pretty sensible and obvious. Gerv
sorry for the slow reply, I apparently missed the email with Gerv's comment in it asking for action from me. You're right, the Mozilla policy is completely overkill for what we intend to use it for, however most of that policy is roughly the same as how we wanted to use it. I'll try to draft something tonight and mail it off.
*pokes stick at justdave*
Myk did this. Gerv