Closed Bug 769152 Opened 8 years ago Closed 8 years ago

"Web Apps" product security group should not be webtools-security

Categories

(bugzilla.mozilla.org :: Administration, task)

Production
x86
macOS
task
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: dveditz, Assigned: dkl)

Details

Currently webtools-security seems to be the only secure group for the product Web Apps, and it's definitely the default group for newly filed security bugs. webtools is the wrong category of things for this product.

I'm a bit torn on whether this should be core-security or client-services-security. "core-security" was my first thought because the app mechanism is going to be built into our clients, but the most core-ish bits, the "Desktop Runtime" component, got moved into the Firefox bugzilla product. Looking at the remaining components "client-services-security" seems like a reasonably good fit: there are both app package and server aspects to this product.

Might want to get buy-in from the people working on the product first, though. CC'ing Lucas and Ragavan.
This will require some minor code changes to do this which I am happy to do once we get approval from Lucas and Ragavan. So sooner the better so we can get it into next weeks code push to production.

dkl
Makes sense to me.  I'd go with Dan's recommendation.
With Lucas' approval, should we go ahead with this then?

dkl
Lack of dissent implies consent. :)
Assignee: nobody → dkl
Status: NEW → ASSIGNED
This will go into effect after this weeks code push.

Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.0
modified extensions/BMO/lib/Data.pm
Committed revision 8236.

Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2          
modified extensions/BMO/lib/Data.pm
Committed revision 8239. 

dkl
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
I edited the product to add the client-services-security group as "Shown/NA" -- not sure what happens if the default security bugs are filed into a group that isn't accessible on the product (maybe just means the group can't be removed?).

Oddly the product has the webtools-security group set to Default/NA which I haven't run across in BMO, but seems to make it so that when someone in the webtools-security group (such as myself) files a new bug it automatically ends up as a hidden bug. I don't know who created the product so I don't know if it's set that way by mistake or if there's a deeper meaning to it. I left it alone because I expect to remove that group from the product entirely after the code from comment 5 goes live.
(In reply to Daniel Veditz [:dveditz] from comment #6)
> I edited the product to add the client-services-security group as "Shown/NA"
> -- not sure what happens if the default security bugs are filed into a group
> that isn't accessible on the product (maybe just means the group can't be
> removed?).
> 
> Oddly the product has the webtools-security group set to Default/NA which I
> haven't run across in BMO, but seems to make it so that when someone in the
> webtools-security group (such as myself) files a new bug it automatically
> ends up as a hidden bug. I don't know who created the product so I don't
> know if it's set that way by mistake or if there's a deeper meaning to it. I
> left it alone because I expect to remove that group from the product
> entirely after the code from comment 5 goes live.

It went live last night. You're clear to remove both core-security and webtools-security.
You need to log in before you can comment on or make changes to this bug.