Closed
Bug 962114
Opened 10 years ago
Closed 10 years ago
Alias Analysis uses aliases.json file: Remove it.
Categories
(mozilla.org :: Project Review, task)
mozilla.org
Project Review
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: ekyle, Unassigned)
Details
There is concern that the aliases.json file used by the ETL, and (was) stored in Github, is a security concern. This information is required to make sense of the BZ history. Instead of a file, it is probably better to store it in the private cluster anyway.
I would classify this as more of a privacy concern than a security concern. While the information is public this aggregate from is likely sub-optimal and I agree we should consider storing it someplace else if having it in this form has a business need.
OS: Windows 7 → All
Hardware: x86_64 → All
Comment 2•10 years ago
|
||
Adding Stacy and Alina from the privacy team.
Reporter | ||
Comment 3•10 years ago
|
||
For now the file is encrypted with AES256. The key is shared with IT only. This is a temporary solution while I try to get the code deployed to production. Putting the alias list in the private cluster may be good for MoCo, but makes it invisible to the public, and prevents the BZ_ETL program from properly building the CC list history. The community must build their own alias list before running the main ETL. (using aliase_analysis.py) Here are the instructions: https://github.com/klahnakoski/Bugzilla-ETL#alias-analysis
Reporter | ||
Comment 4•10 years ago
|
||
Deploy to production works with encrypted file. Closing.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•