There is concern that the aliases.json file used by the ETL, and (was) stored in GitHub, is a security concern. This information is required to make sense of the BZ history. Instead of a file, it is probably better to store it in the private cluster anyway.
I would classify this as more of a privacy concern than a security concern. While the information is public, this aggregate form is likely sub-optimal, and I agree we should consider storing it someplace else if having it in this form has a business need.
OS: Windows 7 → All
Hardware: x86_64 → All
Adding Stacy and Alina from the privacy team.
For now the file is encrypted with AES256. The key is shared with IT only. This is a temporary solution while I try to get the code deployed to production. Putting the alias list in the private cluster may be good for MoCo, but makes it invisible to the public, and prevents the BZ_ETL program from properly building the CC list history. The community must build their own alias list before running the main ETL (using aliase_analysis.py). Here are the instructions: https://github.com/klahnakoski/Bugzilla-ETL#alias-analysis
Deploy to production works with encrypted file. Closing.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED