Closed Bug 1720444 Opened 4 years ago Closed 4 years ago

Apply some changes to teams

Categories

(bugzilla.mozilla.org :: Administration, task)

Product:
bugzilla.mozilla.org
Component:
Administration
Type:
task

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: marco, Assigned: dkl)

References

Details

  1. Rename "Build & Code Quality" to "Compiler and Development Tools"

  2. Move "Firefox::PDF Viewer" and "Firefox::Headless" from "Low Level" to "Compiler and Development Tools"

  3. Move "Core::Preferences: Backend" and "Toolkit::Crash Reporting" from "Low Level" to "OS Integration"

  4. Move "Core::XPCOM" and "Toolkit::about:memory" from "Low Level" to "Crypto"

All done.

Assignee: nobody → dkl
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

I do not understand some of these changes, and they impact the security bug reports.

The most wrong are the two components added to the "Crypto" team. The crypto team has nothing to do with XPCOM, which is the core Gecko service-creation mechanism. The "about:memory" page and report is even further from anything the crypto team is working on. It's closer to DevTools than Crypto, but I think DevTools would be wrong, too. "Compiler and Development Tools" actually sounds kind of nice for it, but I don't know who you actually mean by that. I don't know where the best place for those two components might be, but I assure you no on on the "Crypto" team is anywhere near either of them.

"Low Level" was created as a kind of "Miscellaneous" for Core components that are fundamental but sort of under-owned. The stuff that no particular team wanted to take responsibility for security bugs in (I had originally assigned all that stuff to "DOM" as a kind of grab-bag).

"Crash Reporting" could I guess fit in the category of "OS Integration", but it's not really what gcp's team does. Maybe "Compiler and Development Tools" is better for that one, too. I don't care about that one so much because we hardly ever get security bugs in it.

"Preferences Backend" is platform independent so on its face "OS Integration" doesn't seem like a good fit. But if we've got someone assigned to it and they're in gcp's team then maybe? Unless you're killing off "Low Level" that really seems like a good fit for it.

I don't know how "PDF Viewer" ended up in "Low Level" -- it's clearly a front-end feature. It's not a fundamental building block for anything else in Gecko so it's not "Low Level". [really doesn't seem like a Development Tool, either, but based on where people report maybe that's the right spot now?].

Requests for Marco:

  1. I'll be filing a bug to revert at least the Crypto changes. I'd like to understand the motivation to know if they should simply go back to "Low Level" or if that "team" is going away and they should move elsewhere.

  2. When you change, add, or remove teams please also fix the security bug reports which are driven by team name. This week's reports were missing the bugs assigned to the now-missing "Build & Code Quality" team. Thankfully the reports still ran and didn't just give up at that point, but there wasn't an error message about the missing group so I would not have noticed if the Crypto team hadn't suddenly gained security bugs. Or at least give me a head's up on it.

Flags: needinfo?(mcastelluccio)

(In reply to Daniel Veditz [:dveditz] from comment #2)

I do not understand some of these changes, and they impact the security bug reports.

The most wrong are the two components added to the "Crypto" team. The crypto team has nothing to do with XPCOM, which is the core Gecko service-creation mechanism. The "about:memory" page and report is even further from anything the crypto team is working on. It's closer to DevTools than Crypto, but I think DevTools would be wrong, too. "Compiler and Development Tools" actually sounds kind of nice for it, but I don't know who you actually mean by that. I don't know where the best place for those two components might be, but I assure you no on on the "Crypto" team is anywhere near either of them.

I thought the Crypto team was composed by the people in Neha's team, which are the triage owners of XPCOM and about:memory.
Compiler and Development Tools is the team I'm managing.

"Low Level" was created as a kind of "Miscellaneous" for Core components that are fundamental but sort of under-owned. The stuff that no particular team wanted to take responsibility for security bugs in (I had originally assigned all that stuff to "DOM" as a kind of grab-bag).

There actually used to be a Low Level team, first managed by Eric Rahm, then Sylvestre. Now it basically no longer exists.

"Crash Reporting" could I guess fit in the category of "OS Integration", but it's not really what gcp's team does. Maybe "Compiler and Development Tools" is better for that one, too. I don't care about that one so much because we hardly ever get security bugs in it.

Gabriele Svelto, who is the triage owner of the Crash Reporting component, is now in gcp's team.

"Preferences Backend" is platform independent so on its face "OS Integration" doesn't seem like a good fit. But if we've got someone assigned to it and they're in gcp's team then maybe? Unless you're killing off "Low Level" that really seems like a good fit for it.

Yeah, Kris Wright is the triage owner, and she's in gcp's team.

I don't know how "PDF Viewer" ended up in "Low Level" -- it's clearly a front-end feature. It's not a fundamental building block for anything else in Gecko so it's not "Low Level". [really doesn't seem like a Development Tool, either, but based on where people report maybe that's the right spot now?].

It is indeed not a low level feature, nor a compiler and development tools one, but it is there based on which team the PDF.js owner and peers report to.

Requests for Marco:

  1. I'll be filing a bug to revert at least the Crypto changes. I'd like to understand the motivation to know if they should simply go back to "Low Level" or if that "team" is going away and they should move elsewhere.

As I described above, the motivation was: the triage owners of those components are reporting to Neha.
This is what I would need for the quality notification report, and I thought it was the same for the security report. If my assumption was wrong, we should figure out a different solution.

  1. When you change, add, or remove teams please also fix the security bug reports which are driven by team name. This week's reports were missing the bugs assigned to the now-missing "Build & Code Quality" team. Thankfully the reports still ran and didn't just give up at that point, but there wasn't an error message about the missing group so I would not have noticed if the Crypto team hadn't suddenly gained security bugs. Or at least give me a head's up on it.

Sorry, I'll do that next time. I thought the security bug report would automatically pick up the changes.

Flags: needinfo?(mcastelluccio)

(In reply to Marco Castelluccio [:marco] from comment #3)

I thought the Crypto team was composed by the people in Neha's team, which are the triage owners of XPCOM and about:memory.

Neha does manage the Crypto folks (inherited when Thyla left) but also even more not-crypto folks like the Fission and DOM Security teams. Crypto covers an area where we collaborate with other companies on development in NSS (RedHat, Inria) so it's appropriate to have its own carve-out.

If the motivation is "XPCOM/memory folks report to Neha" then "DOM" would currently be the most appropriate. There are several managers whose projects fall under "DOM" (Jens for sure, probably also Hsin-Yi now that she's back). If you're trying to do things "by Manager" you could try to pick and choose amongst the DOM components to split it. Talk to Joe Walker about that -- he might have ideas about how he might rebalance the teams now that Hsin-Yi's back, or maybe "DOM" all together is more useful.

If you want a simple two-way split you could check the triage owner field. Jens seems to be the TO for all or most of his. Neha is the TO for a lot of hers, plus peterv and ckerschbaumer report to her. There's a bunch of misc components though.

Sorry, I'll do that next time. I thought the security bug report would automatically pick up the changes.

It picks up the component changes, but has to be manually told about new or renamed teams. The report is generated from a team list so the queries don't miss when people split off new Products, and also excludes unwanted areas like Thunderbird and Website security bugs.

Thanks, now I know what to request for the wayward Crypto components, and I won't worry about the rest.

Regressions: 1721440
Regressions: 1721450
You need to log in before you can comment on or make changes to this bug.