Closed Bug 231401 Opened 21 years ago Closed 21 years ago

Bugmail about new bugs doesn't list initial security groups

Categories

(Bugzilla :: Email Notifications, defect)

Product:
Bugzilla
Component:
Email Notifications
Version:
2.17.6
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 179638

People

(Reporter: justdave, Assigned: preed)

Details

Bugmail about new bugs doesn't list the initial security groups.
This was first noticed on bugzilla.mozilla.org, and caused an unintentional
confidential data leak because it wasn't obvious from the new bug mail that the
bug was secured.  I can reproduce it on landfill/bugzilla-tip.

I think this is a matter of turning on the mailhead flag for the groups field in
fielddefs, however, it may need other special stuff to get the group list right.

I'd like this before the b.m.o upgrade if at all possible for obvious reasons. :)
Actually, this does not apply exclusively to new bugs.  At least as a
configuration option, this needs to be capable of identifying the security
classification of a bug on ALL bugmail.  Consider the possibility that someone
is added to the CC list of a bug after it is already created.  The exact
scenario described for new bugs teh applies to a non-new bug.

If bug 94850 is ever to become real, the awareness of the security
classification will have to be absolutely routine.



*** This bug has been marked as a duplicate of 179638 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.