Closed Bug 1141750 Opened 11 years ago Closed 11 years ago

Amend MozReview note on Create New Attachment page to warn against security patches

Categories

(bugzilla.mozilla.org :: User Interface, defect)

Product:
bugzilla.mozilla.org
Component:
User Interface
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: mcote, Unassigned)

Details

Attachments

(1 file)

Warn against security patches
886 bytes, patch
glob
: review-
Details | Diff | Splinter Review
Given that MozReview is entirely public at the moment, it's important that people don't submit security-related or other confidential patches via MozReview. We should append this to the note: <b>Note</b>: At the moment, MozReview is an entirely public system. <b>Do not</b> use it for security-related patches or any other confidential material.
Assignee: nobody → mcote
Status: NEW → ASSIGNED
Attachment #8575561 - Flags: review?(glob)
Changed the wording a little bit: <b>Note</b>: At the moment, all content on MozReview is entirely public. <b>Do not</b> use MozReview for security-related patches or any other confidential material.
Comment on attachment 8575561 [details] [diff] [review] Warn against security patches Review of attachment 8575561 [details] [diff] [review]: ----------------------------------------------------------------- i don't think there's any need to always display this warning. instead we should just not display the "use rb" suggestion if a bug isn't public. side note: does the "post to rb from hg" stuff throw an error if you try to link it with a non-public bug?
Attachment #8575561 - Flags: review?(glob) → review-
The intent is not necessarily to prevent a single confidential patch from being posted; rather, it's a general "awareness campaign". Not displaying it when the bug is confidential doesn't really solve that problem. It doesn't advertise MozReview, but neither does it indicate that you should definitely not use MozReview for this nor any other confidential patch. There is an error if you try to publish a review request for a confidential bug. I can't remember if you get an error when you try to push to the hg review repo, but there probably should be. It has to look up the bug to verify that it exists, but I can't remember if it fails if the bug is confidential.
(In reply to Mark Côté [:mcote] from comment #4) > The intent is not necessarily to prevent a single confidential patch from > being posted; rather, it's a general "awareness campaign". Not displaying > it when the bug is confidential doesn't really solve that problem. It > doesn't advertise MozReview, but neither does it indicate that you should > definitely not use MozReview for this nor any other confidential patch. i don't think it's the place of bugzilla to document/advertise the limitations of mozreview. that message is really only useful once, and it's only useful for people who work on confidential bugs (which i strongly suspect is a small fraction of our overall patch developers). i don't agree there's value in displaying the message to all users, all the time.
The whole message is really only useful once, but all right; I'll put it elsewhere.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: