Open Bug 1538239 Opened 6 years ago Updated 1 year ago

Move sec-approval into Phabricator

Categories

(Conduit :: Phabricator, enhancement, P2)

Tracking

(Not tracked)

People

(Reporter: smacleod, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: conduit-triaged)

The “sec-approval” flag needs some analog in Phabricator for the new process and for use in Lando. This can be used to create a better warning based on sec-approval.

  • Create a “sec-approval” project in Phabricator, with members being those who can set “sec-approval+” in Bugzilla.
  • Document a process for the management of those with the permission to provide sec-approval.
  • Document a process around requesting sec-approval by asking for review from the sec-approval project and receiving approval or changes being requested.
    • Plan is to have Lando take care of this automatically when prompting you for a sanitized commit message.
  • Ensure there is a good notification / dashboarding story for sec-approval requests.
    • Documentation around managing the notification emails and dashboarding would be useful.

We should also ensure we:

  • Update Lando API to special-case and never include “sec-approval” as a reviewer in the commit message.
    • A patch having sec-approval is sensitive and we should not leak this.
  • Update Lando API to have a landing warning when sec-approval has not been given for a security revision.
    • We’re starting with a warning and can aim to have a hard blocker in later milestones.
Blocks: 1538242
No longer blocks: 1538242
Assignee: mars → nobody
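
The two Lando API behaviours requested above (keeping "sec-approval" out of the commit message, and warning when a security revision lacks it), as an added sketch that is not part of the original bug and not Lando's code. The `Revision` record, the status strings, the `#` project prefix and the warning text are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

SEC_APPROVAL = "sec-approval"  # project name from the bug


@dataclass
class Revision:
    """Hypothetical revision record; not Lando's real schema."""
    title: str
    is_security: bool
    reviews: dict = field(default_factory=dict)  # reviewer -> status (assumed strings)


# Reviewer specifiers already typed into a title, e.g. "r=alice,#sec-approval".
_REVIEWER_SPEC = re.compile(r"\s*\br[=?][#\w.,-]+")


def _is_sec_approval(name):
    # "#sec-approval", "sec-approval" and case variants all name the project.
    return name.lstrip("#").lower() == SEC_APPROVAL


def commit_message(rev):
    """Rebuild the reviewer list from accepted reviews, never naming sec-approval."""
    summary = _REVIEWER_SPEC.sub("", rev.title).rstrip()
    names = sorted(n for n, s in rev.reviews.items()
                   if s == "accepted" and not _is_sec_approval(n))
    return f"{summary} r={','.join(names)}" if names else summary


def landing_warnings(rev):
    """Warn (not block) when a security revision lacks an accepted sec-approval."""
    if not rev.is_security:
        return []
    approved = any(_is_sec_approval(n) and s == "accepted"
                   for n, s in rev.reviews.items())
    return [] if approved else ["Security revision has not been given sec-approval."]


if __name__ == "__main__":
    # Constructed sample: the author typed the project into the title by hand.
    rev = Revision("Bug 1 - Fix parser r=alice,#sec-approval", True,
                   {"alice": "accepted", "#sec-approval": "blocking"})
    print(commit_message(rev))    # reviewer list without the project
    print(landing_warnings(rev))  # one warning: approval still pending
```

Stripping the specifier from the title as well as from the reviewer list covers the case where the project name was typed into the summary by hand.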