Closed Bug 1393532 Opened 2 years ago Closed 2 years ago
While we do not provide sanitization dumps to the public now, internally there are uses for the sanitizeme.pl script. This script includes no documentation, and there are only examples of calling it in the mana (but without any explanation of what is happening). It would be useful if there was a document in the repo (in rst, markdown, or pod) that described a medium-level view of what the script removes. This is tricky to get right, it must be somewhere between "it sanitizes the data" to re-stating everything the code does. I believe this should encompass two parts: An overview of what data is stored in BMO followed by what data is removed by the script. A starting point on what data is understood to need to be sanitized is: 1. user passwords (or hashes), API keys, session tokens 2. private products (products that arn't visibile when you're not logged in, e.g. Legal or Marketing) 3. security bugs (which are bugs that belong to a group) 4. private attachments, or attachments on bugs that are security bugs 5. request logs (last bug visit, user_request_log) This documentation shouldn't be so large as to be intimidating. It needs to answer the question of "what does the sanitizeme.pl script do?" to a level of detail that satisfies someone that does not have time to read the entire script.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.