Closed Bug 962114 Opened 10 years ago Closed 10 years ago

Alias Analysis uses aliases.json file: Remove it.

Categories

(mozilla.org :: Project Review, task)

Product:
mozilla.org
Component:
Project Review
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ekyle, Unassigned)

Details

There is concern that the aliases.json file used by the ETL, and (was) stored in Github, is a security concern.

This information is required to make sense of the BZ history.  Instead of a file, it is probably better to store it in the private cluster anyway.
I would classify this as more of a privacy concern than a security concern. While the information is public this aggregate from is likely sub-optimal and I agree we should consider storing it someplace else if having it in this form has a business need.
OS: Windows 7 → All
Hardware: x86_64 → All
Adding Stacy and Alina from the privacy team.
For now the file is encrypted with AES256.  The key is shared with IT only.  This is a temporary solution while I try to get the code deployed to production.

Putting the alias list in the private cluster may be good for MoCo, but makes it invisible to the public, and prevents the BZ_ETL program from properly building the CC list history.  The community must build their own alias list before running the main ETL. (using aliase_analysis.py)

Here are the instructions:  https://github.com/klahnakoski/Bugzilla-ETL#alias-analysis
Deploy to production works with encrypted file.  Closing.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.