Orangefactor should also comment on security related bugs



3 years ago
5 months ago


(Reporter: whimboo, Unassigned)





3 years ago
As of now Orangefactor doesn't seem to have the permission to comment on security related bugs. This is annoying in case you have lots of busted test results due to crashes. An example is e.g. bug 1232649.

It would be great if commenting would work and suggestions been shown in Treeherder.

Comment 1

3 years ago
I agree this would be useful.

Some things worth noting:
* Treeherder cannot show bug suggestions for hidden bugs, so any bug numbers have to be human entered (and so often aren't).
* Even if humans enter the bug numbers, I'm not sure if they show up on the overview (ie since there is no bug summary that can be shown on that row. In addition I don't know whether the bug details page works (eg using your example bug from comment 0: )
* For the daily/weekly bug commenting script ( to be able to comment on hidden bugs, we'd either:
(a) need to give it security bugs permissions (and for lots of groups) - which is a massive security hole (given brasstacks is pretty ancient and it would probably not be difficult for someone to find a way to get at the API key).
(b) need to add a new feature to Bugzilla's REST API that means users with a new permission X (or a limited API key) can comment on bugs even if they cannot view them.
* OrangeFactor is basically EOL (and so not worth investing any more time in) and will be replaced later this year with native Treeherder functionality.

That said, once we switch to a native-Treeherder approach, we're going to stop using Bugzilla (and bug numbers) as the way to track failures, so it would be easier to handle failure-modes for whom any associated bug is hidden.

Comment 2

5 months ago
OrangeFactor is EOL and so this would need to be implemented in Treeherder, but the corresponding bug there was wontfixed (bug 1109803).
Last Resolved: 5 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.