Summary: | problem filing/modifying restricted bugs for unprivileged users | ||
---|---|---|---|
Product: | Gentoo Infrastructure | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Bugzilla | Assignee: | Bugzilla Admins <bugzilla> |
Status: | RESOLVED LATER | ||
Severity: | major | CC: | jakub, security |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Matthias Geerdsen (RETIRED)
2008-03-23 17:27:51 UTC
That's how the bugzilla2 security has always worked. Wait for bugzilla3 if you want anything different. hm... then for how long has this been the case for bugs.g.o? It would mean our (security@g.o) one of our documented ways of confidentially contacting us has not been working. So it is really not possible for a regular user to comment on a restricted bug even if he is on the CC list? What does a user need to be able comment on those bugs then, editbugs priv? This really is a problem for our handling of restricted bugs in certain cases. (In reply to comment #0) > When using the advanced form to file a bug, normal users don't have the > necessary checkbox ("Only users in...") to restrict a bug to Gentoo Security. Yeah, thanks got they haven't any more. See Bug 122990 and don't ever introduce this back. jakub, I very well remember the problems we had with users filing restricted bugs outside the security project... I still have a saved search for all sec restricted bugs from that time. And there really is no need for users being able to file security restricted bugs in any project but Gentoo Security. The problem that came up is that they are not allowed to post restricted bugs in the sec product and that has been one of the ways to contact us regarding confidential issues which has been documented on security.g.o for a long time. What really makes it complicated now is that if we file a restricted bug and want to CC the original reporter on it so he can give more input, that is not possible (see bug desc). (In reply to comment #4) > What really makes it complicated now is that if we file a restricted bug and > want to CC the original reporter on it so he can give more input, that is not > possible (see bug desc). This works perfectly fine for normal bugs, and works perfectly fine for Developer Relations product; IOW you can comment just normally if people in CC are allowed to access the bug. Why it wouldn't work for Gentoo Security product, really no idea. |