Closed
Bug 1296635
Opened 8 years ago
Closed 8 years ago
dual sign off for balrog
Categories
(Release Engineering Graveyard :: Applications: Balrog (backend), defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1278974
People
(Reporter: bhearsum, Assigned: bhearsum)
Details
Currently, anyone with the right permission can make a change to Balrog. This means that if someone's account is compromised (particularly someone with admin permissions), they can affect updates. We want to mitigate this by requiring dual sign off for some types of changes to Balrog. The exact scope of what should require dual sign off is undecided, but it could be any of:
- Dual sign off for any change done by a human
- Dual sign off for any change for certain product+channel combinations (eg: Firefox, release)
- Dual sign off for all changes, period.
- Something else.
Implementation is to be determined, but it could tie into some existing or other desired work, including:
- Can/should we implement dual sign off as a special type of Scheduled Change?
- Should we think about implementing a rule change sandbox at the same time? (https://bugzilla.mozilla.org/show_bug.cgi?id=1141801)
- Should we think about introducing sets of rule changes at the same time? Possibly related to the sandbox.
I don't want this to spiral out of control into a panacea, but at least thinking about how dual sign off may fit into the above is worthwhile to avoid boxing ourselves in.
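As an added illustration (not part of the original report and not Balrog's code), here is one way the dual sign off gate could be modelled, combining the "change done by a human" and "certain product+channel combinations" scopes listed above. All names in it (`PendingChange`, `sign_off`, `can_enact`, the policy set) are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical policy: product+channel pairs whose changes need a second person.
REQUIRES_DUAL_SIGNOFF = {("Firefox", "release")}
REQUIRED_SIGNOFFS = 2  # the proposer plus one other distinct user


@dataclass
class PendingChange:
    """A proposed rule change held back until it has enough sign-offs."""
    product: str
    channel: str
    proposed_by: str
    made_by_human: bool = True
    signoffs: set = field(default_factory=set)

    def __post_init__(self):
        # Proposing a change counts as the proposer's own sign-off.
        self.signoffs.add(self.proposed_by)


def needs_dual_signoff(change):
    """Scope decision: a human changing a protected product+channel."""
    protected = (change.product, change.channel) in REQUIRES_DUAL_SIGNOFF
    return change.made_by_human and protected


def sign_off(change, user, permitted_users):
    """Record a sign-off; only users holding the permission may sign."""
    if user not in permitted_users:
        raise PermissionError(f"{user} may not sign off on this change")
    # signoffs is a set, so repeated sign-offs by one account count once.
    change.signoffs.add(user)


def can_enact(change):
    """True once the change may take effect.

    For protected changes a single account, even an admin one, can never
    reach the threshold alone, which is the compromise case described above.
    """
    if not needs_dual_signoff(change):
        return True
    return len(change.signoffs) >= REQUIRED_SIGNOFFS
```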
Updated • 8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Updated • 8 years ago
Assignee: nobody → bhearsum
Updated • 5 years ago
Product: Release Engineering → Release Engineering Graveyard