Closed Bug 1278398 Opened 4 years ago Closed 3 years ago

Enable "Due Date" field for all websites, web services, infrastructure(webops, netops, etc), infosec bugs (all components)

Categories

(bugzilla.mozilla.org :: Administration, task)

Production
task
Not set

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: amuntner, Assigned: dkl)

Details

Infosec would like to use "Due Date" to track an assigned fix-by date as part of our new bug tracking procedure. This will let us keep the process inside Bugzilla, avoiding reliance on external calendaring etc tools.

"Due Date" is only enabled for some product  categories, not all. I'm requesting that they are enabled for all components of the following product categories:

all websites(everything in cloud services, blog, any product that is a website)
web services (fxa, sync, hello/loop, any web service)
infrastructure(webops, netops, etc)
infosec bugs

Thank you
Flags: needinfo?(amuntner)
Flags: needinfo?(amuntner)
do you mind providing an exact list of BMO products for us? this will make it easier for us to implement. you can also limit it to certain components within a product. currently the list is:

        "bugzilla.mozilla.org"        => [],
        "Community Building"          => [],
        "Data & BI Services Team"     => [],
        "Data Compliance"             => [],
        "Developer Engagement"        => [],
        "Infrastructure & Operations" => [],
        "Marketing"                   => [],
        "mozilla.org"                 => ["Security Assurance: Review Request"],
        "Mozilla Metrics"             => [],
        "Mozilla PR"                  => [],
        "Mozilla Reps"                => [],

Thanks
dkl
Flags: needinfo?(amuntner)
I'm not sure how to answer the question.  I have seen security bugs in every single one of these products. 
We have about 3000 websites and I don't have a complete list, there is none yet. 

I'm pretty sure BMO already has Due Date.
Flags: needinfo?(amuntner)
(In reply to Adam Muntner [:adamm] (use NEEDINFO) from comment #2)
> I'm not sure how to answer the question.  I have seen security bugs in every
> single one of these products. 
> We have about 3000 websites and I don't have a complete list, there is none
> yet. 
> 
> I'm pretty sure BMO already has Due Date.

Yes the BMO product has the due date field. But unfortunately it is not simple as enabling it globally for all products without getting approval from the product owners. I suppose I could get a list of all components in the database which end in (.org|.com) for a start but I am not sure that will catch everything you are interested in.

dkl
(In reply to David Lawrence [:dkl] from comment #3)
> Yes the BMO product has the due date field. But unfortunately it is not
> simple as enabling it globally for all products without getting approval
> from the product owners. I suppose I could get a list of all components in
> the database which end in (.org|.com) for a start but I am not sure that
> will catch everything you are interested in.
> 
> dkl

This is the current list of *(.org|.com) component names

product   component
---------------------------
Bugzilla 	bugzilla.org
Developer Services 	Mercurial: hg.mozilla.org
Firefox Affiliates Graveyard 	affiliates.mozilla.org
Firefox Friends 	friends.mozilla.org
Instantbird Servers 	addons.instantbird.org
Instantbird Servers 	blog.instantbird.com
Instantbird Servers 	buildbot.instantbird.org
Instantbird Servers 	crash-stats.instantbird.com
Instantbird Servers 	hg.instantbird.org
Instantbird Servers 	update.instantbird.org
Instantbird Servers 	wiki.instantbird.org
Instantbird Servers 	www.instantbird.com
L20n 	L20n.org
Mozilla Metrics 	downloadstats.mozilla.com
Mozilla Reps 	reps.mozilla.org
Webmaker 	webmaker.org
Webmaker 	welcome.webmaker.org
Websites 	activations.mozilla.org
Websites 	air.mozilla.com
Websites 	bespinplugins.mozillalabs.com
Websites 	blog.mozilla.org
Websites 	browserchoice.mozilla.com
Websites 	careers.mozilla.org
Websites 	communitystore.mozilla.org
Websites 	creative.mozilla.org
Websites 	demos.mozilla.org
Websites 	detodosparatodos.org
Websites 	donate.mozilla.org
Websites 	downloadstats.mozilla.com
Websites 	feeds.mozilla.com
Websites 	firefoxgarden.org
Websites 	gear.mozilla.org
Websites 	getfirebug.com
Websites 	glow.mozilla.org
Websites 	inform.mozilla.org
Websites 	intlstore.mozilla.org
Websites 	learningfreedomandtheweb.org
Websites 	markup.mozilla.org
Websites 	mobilepartners.mozilla.org
Websites 	mozillalabs.com
Websites 	openbadges.org
Websites 	other.mozilla.org
Websites 	planet.mozilla.org
Websites 	plugins.mozilla.org
Websites 	spark.mozilla.org
Websites 	store.mozilla.org
Websites 	studentreps.mozilla.org
Websites 	tools.mozilla.com
Websites 	webifyme.org
Websites 	website-archive.mozilla.org
Websites 	wiki.mozilla.org
Websites 	workshop.mozilla.org
Websites 	www.mozilla-japan.org
Websites 	www.mozillaonline.com
Websites 	www.seamonkey-project.org

Do we want to start with that?

dkl
Flags: needinfo?(amuntner)
(In reply to David Lawrence [:dkl] from comment #4)
> Do we want to start with that?

Also if you could compile a list of components in the web services, infrastructure(webops, netops, etc), and infosec categories, we can add those to the list as well.

dkl
 Product: Add-on SDK, addons.mozilla.org, addons.mozilla.org Graveyard, Air Mozilla, AUS, Bugzilla, bugzilla.mozilla.org, Calendar, CCK, Cloud Services, Cloud Services Graveyard, Community Building, Composer, Content Services, Core Graveyard, Data & BI Services Team, Data & BI Services Team Graveyard, Data Compliance, Datazilla, Derivatives, Developer Documentation, Developer Ecosystem, Developer Engagement, Developer Services, Documentation, Enterprise Information Security, Enterprise Information Security Graveyard, Extend Firefox Graveyard, Firefox Health Report, Firefox Health Report Graveyard, Focus, FSA, Grendel, Hello (Loop), Infrastructure & Operations, Infrastructure & Operations Graveyard, Input, Instantbird Servers, Intellego, Internet Public Policy, Invalid Bugs, L20n, Localization Infrastructure and Tools, MailNews Core Graveyard, Marketing, Marketplace, Minimo, Mozilla Corporation, Mozilla Developer Network, Mozilla Foundation, Mozilla Foundation Communications, Mozilla Grants, Mozilla Labs, Mozilla Labs Graveyard, Mozilla Localizations, Mozilla Localizations Graveyard, Mozilla Messaging, Mozilla Metrics, Mozilla QA, Mozilla QA Graveyard, Mozilla Reps, mozilla.org, mozilla.org Graveyard, MozillaClassic, mozillaignite, MozReview, Other Applications, Other Applications Graveyard, Pancake, Participation Infrastructure, Penelope, Petri, Plugin Check, Plugins Graveyard, Powertool, Privacy, quality.mozilla.org, SeaMonkey, Servo, Shield, Skywriter, Snippets, Socorro, Socorro Graveyard, support.mozilla.org, support.mozilla.org Graveyard, support.mozillamessaging.com Graveyard, Taskcluster, Tech Evangelism, Tech Evangelism Graveyard, Testing Graveyard, Testopia, Thunderbird, Toolkit Graveyard, Tracking, Tree Management, Tree Management Graveyard, Untriaged Bugs, Web Apps, Web Compatibility, Webmaker, Websites, Websites Graveyard, Webtools, Webtools Graveyard, www.mozilla.org Classification: Client Software, Server Software, Other, Graveyard 

That should be it. Thanks David!
Flags: needinfo?(amuntner)
Assignee: nobody → dkl
Status: NEW → ASSIGNED
To https://github.com/mozilla-bteam/bmo.git
   3442a95..d3da04e  master -> master
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Reopening as we got some kickback on enabling the due date field on certain products. I would need to go to each of the product owners and get some kind of approval before pushing this large list. Unless we can shrink it down somewhat.

Another idea for thought is to create a tracking bug in your own product, set a due date on it instead, and then set the security bug as a dependency. Would that work?

dkl
Status: RESOLVED → REOPENED
Flags: needinfo?(amuntner)
Resolution: FIXED → ---
This change was pushed live today.

dkl
(In reply to David Lawrence [:dkl] from comment #8)
> Reopening as we got some kickback on enabling the due date field on certain
> products. I would need to go to each of the product owners and get some kind
> of approval before pushing this large list. Unless we can shrink it down
> somewhat.
> 
> Another idea for thought is to create a tracking bug in your own product,
> set a due date on it instead, and then set the security bug as a dependency.
> Would that work?
> 
> dkl

ping. Do we need to do anything else for this bug?

dkl
No movement on this bug, and having the due date on a product requires consent of the appropriate module peer / owner / someone with authority.
Status: REOPENED → RESOLVED
Closed: 4 years ago3 years ago
Resolution: --- → INCOMPLETE
Flags: needinfo?(amuntner)
You need to log in before you can comment on or make changes to this bug.