Closed Bug 1561701 Opened 6 years ago Closed 5 years ago

add way to "cc:" people on crash reports

Categories

(Socorro :: Webapp, enhancement, P3)

Product:
Socorro
Component:
Webapp
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: willkg, Unassigned)

Details

Bugzilla lets you cc: people on a bug in order to see it. For example, I could write up a security-websites bug which I can see and Jim-Bob can't see because he's not in the group, but then I can cc: him on the bug so he can see it, too.

In Crash Stats, if you're not in the hackers group, you can't see any PII or minidumps. In order to see that data currently, you have to get added to the hackers group--but then you can see all PII and minidump data for all the crash reports.

There are circumstances where it's not great to have a "all or nothing" view of all the PII and minidump data. Some people don't want access to all of the data.

Eric suggested adding a cc: feature to Crash Stats such that he could cc: someone on a crash report allowing them to see PII and minidump data.

This bug covers looking into how that works with our data policy, how it might work technically, and determining whether it's feasible or not.

I was thinking about this. One of the complications here is that the permissions model in Socorro is pretty entangled with a lot of other things and isn't easy to audit for correctness. I've been loathe to do anything that touches it.

However, I was thinking maybe it's possible to bolt the whole cc thing on separately and not touch the existing permissions model. Someone who is cc'd on a crash report would be able to use the report view and download the files, but that's it--being cc'd wouldn't affect supersearch or the APIs.

Maybe something like this might work:

  1. Add a CAN_BE_CCED group. To be a member, one would submit a request to get added to the group similar to the PII access request.
  2. Add a CAN_CC group. To be a member, one would need PII access and submit a request to get added to the group and whatever that entails. Members can cc existing crash-stats users who are in the CAN_BE_CCED group to crash reports. We'd add a web ui thing for managing ccing people.
  3. Add a table of "crash report", "user", "cc'd by user", "date".
  4. Someone who is cc'd on a crash report can see the full crash report with PII just like the "this is my crash report" scenario. That's it. I think that lets them download files.

Some additional things:

  1. If the "cc'd by user" loses PII access, then I think everyone they cc'd should also lose access. The auditing process should handle this.
  2. Crash report data only lasts for 6 months. Socorro should delete cc's for crash reports that have expired. I'm not sure how to do this offhand, but a first pass could be expire cc's for crash reports older than 6 months as determined by the datestamp in the crash report id.
  3. We should log who cc'd who on what.

There are probably other ways we could implement this, but this is the one I was thinking about in the shower this morning.

Going back to the value of this work, I know this affects Nika. I'm not sure who else this affects. It'd be good to build a list of use cases and affected people and projects to make this less theoretical. It's a chunk of work to do and maintain, so it needs some mandate or proof-of-value or something.

This is a pretty big undertaking to build and has ongoing maintenance costs. While I see the value here, in the 2 years this bug has been around, it hasn't built up enough value to justify the work required. For now I'm going to mark it WONTFIX, but maybe we can revisit it in the future.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.