Closed Bug 366994 Opened 19 years ago Closed 16 years ago

private comments cause bugmail to not be sent to people not in the insider group even if there are public changes

Categories

(Bugzilla :: Creating/Changing Bugs, defect, P1)

2.23.3
defect

Tracking

RESOLVED FIXED
Bugzilla 3.6

People

(Reporter: timeless, Assigned: mkanat)

Details

(Whiteboard: [es-ita])

Attachments

(1 file)

Neil filed a bug with a private comment 0. That cheated timeless@gmail (not a security group member) out of a bugmail.
Flags: blocking3.0?
I don't know how much re-architecture this would take to fix, but for now I'll say it's a blocker. If we discover that the fix would be very invasive, its blocking status may change.
Flags: blocking3.0? → blocking3.0+
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Summary: private comments cheat global watchers out of new bug notifications → private comments cause new bugmail to not be sent to people not in the security group
Target Milestone: --- → Bugzilla 3.0
We have to be very careful about the information to put into the bugmail. We will have to filter all private data (attachment + comments) if the addressee is not in the insider group. Also, in the case of bugmail aggregation, we have to make sure private comments are removed.
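The per-recipient filtering described in the comment above, contrasted with the reported all-or-nothing behaviour, as an added Python example (not Bugzilla's code and not the attached patch). The `Update` model, the function names, the sample data and the choice to send nothing when no visible content remains are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Update:
    """One bug update (constructed model, not Bugzilla's schema)."""
    field_changes: tuple = ()   # public; also visible in the bug history
    comment: str = ""
    is_private: bool = False    # comment/attachment restricted to insiders

def render(updates, include_private):
    """Build one (possibly aggregated) mail body from several updates."""
    lines = []
    for u in updates:
        lines.extend(f"{name}: {old} -> {new}"
                     for name, old, new in u.field_changes)
        # Private text is emitted only when the recipient may see it.
        if u.comment and (include_private or not u.is_private):
            lines.append(f"Comment: {u.comment}")
    return "\n".join(lines) or None   # assumption: nothing visible, no mail

def mail_all_or_nothing(updates, insider):
    """Reported behaviour: one private item suppresses the whole mail."""
    if not insider and any(u.is_private for u in updates):
        return None
    return render(updates, include_private=True)

def mail_filtered(updates, insider):
    """Per-recipient filtering: strip private text, keep public changes."""
    return render(updates, include_private=insider)

# Constructed sample: two aggregated updates, the first with a private comment.
UPDATES = [
    Update(field_changes=(("Priority", "--", "P1"),),
           comment="internal triage note", is_private=True),
    Update(comment="Public status update."),
]
PRIVATE_ONLY = [Update(comment="insiders only", is_private=True)]

if __name__ == "__main__":
    for insider in (True, False):
        print(f"--- insider={insider} ---")
        print("all-or-nothing:", mail_all_or_nothing(UPDATES, insider))
        print("filtered:", mail_filtered(UPDATES, insider))
```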
Okay. Since this is not a regression and would be very complicated to fix, it's not a blocker. But we should really look into it for 3.2.
Flags: blocking3.0+ → blocking3.0-
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2
I still think we can take it for 3.0, even though it's not a blocker.
Bugzilla 3.2 is now frozen. Only enhancements blocking 3.2 or specifically approved for 3.2 may be checked in to the 3.2 branch. If you would like to nominate your enhancement for Bugzilla 3.2, set the "blocking3.2" flag to "?". Then, either the target milestone will be changed back, or the blocking3.2 flag will be granted, if we will accept this enhancement for Bugzilla 3.2. This particular bug has not been touched in over eight months, and thus is being retargeted to "---" instead of "Bugzilla 4.0". If you believe this is a mistake, feel free to retarget it to Bugzilla 4.0.
Target Milestone: Bugzilla 3.2 → ---
Target Milestone: --- → Bugzilla 4.0
Assignee: create-and-change → mkanat
Whiteboard: [es-ita]
Target Milestone: Bugzilla 4.0 → Bugzilla 3.6
Summary: private comments cause new bugmail to not be sent to people not in the security group → private comments cause new bugmail to not be sent to people not in the insider group
Attached patch v1
Wow, this was surprisingly simple to fix.
Attachment #409047 - Flags: review?(dkl)
This actually wasn't just happening with the "New:" bugmail, it was happening with all bugmail.
Status: NEW → ASSIGNED
Summary: private comments cause new bugmail to not be sent to people not in the insider group → private comments cause bugmail to not be sent to people not in the insider group even if there are public changes
By the way, lest anybody suggest we take this for 3.4: I know that it's sort of a bug fix, but it's also a significant security change in the way that Bugzilla works, so I don't want to spring that on people during a stable branch.
Comment on attachment 409047 v1
Ok, I have verified that this patch works and that public changes are still delivered to non-insiders even when a comment and/or attachment is set to private. Code looks fine to me as well. r=dkl
Attachment #409047 - Flags: review?(dkl) → review+
Flags: approval+
Checking in Bugzilla/BugMail.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/BugMail.pm,v  <--  BugMail.pm
new revision: 1.130; previous revision: 1.129
done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Keywords: relnote
Resolution: --- → FIXED
Added to the release notes in bug 547466.
Keywords: relnote
I know it's a little late now, but I just noticed this in the release notes for 3.6. I wonder if this fix is a good idea? For us, it is definitely a regression, as we relied on the ability to make changes to a bug without notifying people, by also including a Private comment. It may have been hackish, but it worked, and now there is no way (that I know of) to do that.
Hiding changes from people is a bad thing. It's not your role to decide what other users want to get as notifications or not. Especially when you know that your changes are not secret as they are visible in the bug history. So yes, fixing this bug was a good and necessary thing.