
Access to security bug denied to me

RESOLVED FIXED

Status

mozilla.org
Governance
RESOLVED FIXED
4 years ago
3 years ago

People

(Reporter: BenB, Assigned: dveditz)

(Reporter)

Description

4 years ago
I'm a founding member of the security group and need access to all Mozilla security bugs, without exception. Bug 700979 is supposedly a Thunderbird security bug, but I am denied access. Please ensure that I can access all security bugs.

Thank you.

(A critical part of my role is to ensure good government of security bugs, which requires that I see everything without exception.)

(FWIW, once granted access, I will remove the embargo on that particular bug, because it was publicly reported about by a news site.)
You really haven't read your s-g mail lately, then have you? Bugs are getting restricted to sub groups that actually need access to them. See https://securitywiki.mozilla.org/Client_Security_Teams. Specifically, bug 700979 falls under the mail security team.

I've unhidden the bug, but marking this WFM, as the reason for you not accessing the bug is fine.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 2

4 years ago
Hey reed, I've read discussions about it, and I can see the rationale behind it, but I have consistently asked to be given access to all of the groups. It's important that there is oversight from people outside the Mozilla employees, to ensure that mozilla.org treats these security bugs properly - both procedurally and quantitatively. One important purpose for my membership - since the very beginning - is exactly that.

I think I have earned this trust, too. I've been there since the very creation of this security group, and the formulation of its guiding principles.

I can only fulfill this role when granted access to all bugs.

I've assigned this to dveditz, because a) he's the head of security and b) I believe that he understands where I am coming from.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
(Reporter)

Updated

4 years ago
Status: REOPENED → ASSIGNED
(Reporter)

Comment 3

4 years ago
Based on https://securitywiki.mozilla.org/Client_Security_Teams, the "Client Security Triage Team" seems like the right bucket to me.
(Reporter)

Comment 4

4 years ago
FWIW, I rigorously manage my client security, much more even than most developers.
We don't track this stuff in Bugzilla. If you have an issue, e-mail dveditz directly.
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
(Reporter)

Comment 6

3 years ago
I seem to have access to Security-Core again, e.g. to bug 1012694. Thanks a lot! This is a big relief for me.
Resolution: INVALID → FIXED