security bugs not marked in dependency tree




17 years ago
13 years ago


(Reporter: myk, Unassigned)



dependency trees don't show you which bugs are secure.  that would be useful
information to know when making judgements about what bugs to work on from a
list.  at the same time, resolved bugs are both lined out and background-shaded.
 we should just line them out and use background shading to indicate security
status per bug lists.
Additionally, dependency trees omit bugs that you don't have access to.

For example, the '1.2 not suck bug' (bug 174647) is dependent on a set of
security bugs (159450 and 161357, for example).  I can see them in the depends
on list, but not the dependency tree.

I see no reason that they shouldn't appear in the tree (minus the description,
The User Interface component now belongs to Gerv.  Reassigning all UNCONFIRMED
and NEW (but not ASSIGNED) bugs currently owned by Myk (the previous component
owner) to Gerv.
Assignee: myk → gerv
Reassigning back to Myk.  That stuff about Gerv taking over the User Interface
component turned out to be short-lived.  Please pardon our confusion, and I'm
very sorry about the spam.
Assignee: gerv → myk
Secured bugs shouldn't appear in the list or the tree.
Severity: normal → trivial
Target Milestone: --- → Bugzilla 2.22
Unless the user viewing the tree is allowed to, right?
QA Contact: mattyt-bugzilla → default-qa
Target Milestone: Bugzilla 2.22 → ---
No, they should definitely appear in all cases; otherwise the people looking at the bug cannot tell that something is happening to fix it. If there is a list that the bug depends on then the user knows the bug is being worked on.

The summary of the bug should be displayed as something to the effect of "unauthorized to view"
Assignee: myk → ui
You need to log in before you can comment on or make changes to this bug.