Lando warns that confidential bugs are security bugs even if they're not marked sec
Categories
(Conduit :: Lando, defect, P3)
Tracking
(Not tracked)
People
(Reporter: bryce, Unassigned)
Details
(Keywords: conduit-triaged)
I've just landed a patch associated with a confidential (but non-sec) bug on Lando and was shown the security warning (I believe bug 1515100 added this). Clarifying: the warning shown is a check box where I as the person landing the bug must acknowledge I have followed the secure bug process.
The bug I was landing is confidential to avoid leakage of sensitive partner information in discussion on the bug. That said, the bug does not relate to security.
While caution should be used with confidential bug patches, there are some aspects of the sec process that I believe don't apply here. For example, sec approval is not needed for the patches. Showing the sec warning message can be confusing for confidential non-sec bugs because of this.
Is it possible to differentiate between confidential and marked as sec bugs, and those just marked as confidential? If so, can we throw up different warnings in these cases?
Comment 1 • 6 years ago
Since the approval process is just a warning right now and not enforced through Lando, this isn't super high priority at this point. We'll need to fix this as the approval process becomes more enforced.