Status

RESOLVED DUPLICATE of bug 1278974
2 years ago
2 years ago

People

(Reporter: bhearsum, Assigned: bhearsum)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Description

2 years ago
Currently, anyone with the right permission can make a change to Balrog. This means that if someone's account is compromised (particularly someone with admin permissions), they can affect updates. We want to mitigate this by requiring dual sign off for some types of changes to Balrog. The exact scope of what should require dual sign off is undecided, but it could be any of:
- Dual sign off for any change done by a human
- Dual sign off for any change for certain product+channel combinations (e.g., Firefox, release)
- Dual sign off for all changes, period.
- Something else.

Implementation is to be determined, but it could tie into some existing or other desired work, including:
- Can/should we implement dual sign off as a special type of Scheduled Change?
- Should we think about implementing a rule change sandbox at the same time? (https://bugzilla.mozilla.org/show_bug.cgi?id=1141801)
- Should we think about introducing sets of rule changes at the same time? Possibly related to the sandbox.

I don't want this to spiral out of control into a panacea, but at least thinking about how dual sign off may fit into the above is worthwhile to avoid boxing ourselves in.

Updated

2 years ago
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1278974

Updated

2 years ago
Assignee: nobody → bhearsum