| Summary: | Restrict default CC field write access to only add/remove own account handle | ||
|---|---|---|---|
| Product: | Gentoo Infrastructure | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Bugzilla | Assignee: | Bugzilla Admins <bugzilla> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | enhancement | CC: | ago, betelgeuse, binki, bug-wranglers, comrel, pacho |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Jeroen Roovers (RETIRED)
2010-02-28 22:29:49 UTC
(In reply to comment #0) > 3) If bug-wranglers are slacking, reporters can always alert anyone they like > to the bug report by simply mailing them directly. This helps keep bug reports > clean too. If this is prefered to the CC field, this should be advertised to users. I had no idea before that this was an acceptable method of alerting people about a bug. I think this is a good proposal with two additions: 1. CC: restriction only for bugs which are assigned to bug-wranglers@g.o 2. CC: restriction only against adding @g.o addresses Reasoning: 1. After the bugs have been assigned, there is less motivation to circumvent the Assignee restriction 2. Targets of CC: misuse are mostly @g.o addresses. An exception to this could be proxy-maintained packages, but these are not very common. If the restriction turns out to be ineffective due to one of these additions, it could be dropped at a later time. I feel you're looking for a technical solution to a social problem here. If you've got cases of users adding developers to the CC list just because they want the attention, that should be taken to userrel, as I feel it constitutes spamming the developer/herd. I'm also against it, because I've got a number of users that I've explicitly told to CC me on certain bugs and various situations, for a number of reasons. I agree that the users shouldn't be doing it in the first place unless they have a very good reason, but I'm worried about more damage being done by blocking it. I propose RESO WONTFIX here, but I'd like to hear from userrel. (In reply to comment #3) > I feel you're looking for a technical solution to a social problem here. If > you've got cases of users adding developers to the CC list just because they > want the attention, that should be taken to userrel, as I feel it constitutes > spamming the developer/herd. It's not something userrel should be tasked with to solve, I think, as we have a huge user base doing this sort of stuff. Would the proposed alternative, namely to only restrict CC in this way for bugs assigned to bug-wranglers, be a better solution? It would solve the bug wrangling problem and nothing else. > I'm also against it, because I've got a number of users that I've explicitly > told to CC me on certain bugs and various situations, for a number of reasons. We already have ACLs, don't we? I had another concerned bugzilla user ask if this would apply to everyone, and I apparently didn't make clear that this restriction should apply only by default. Proxy maintainers and valuable contributors should of course gain the privilege, just as we're doing it now with the Assignee field. In fact, the Assignee and CC ACLs should probably match. > I agree that the users shouldn't be doing it in the first place unless they > have a very good reason, but I'm worried about more damage being done by > blocking it. We can certainly discuss that before we do anything. > I propose RESO WONTFIX here, but I'd like to hear from userrel. I call that trigger happy. If we can't find agreement here and now, we can always go to the -dev@ list and onward. Saying now that you'd rather WONTFIX will not get us rid of the very real problem bug wranglers face. One alternative would be to open Assignee to everyone, but then you'd have the devs up in arms again. Opening assignee isn't appropriate I agree. But for the users I'm thinking of that I want to keep the ability to add me to the CC list, they exist at a lower level than the proxy maintainers and valued contributors. I don't want them to have full access to a bug, just the CC field and comments like they presently do. Just because a bug is still assigned to bug-wranglers, doesn't mean the ability should go away either. For my co-workers from previous jobs, and people I do consulting with, I've told them explicitly that if they file a bug (and the default assignee goes to bug-wranglers), to CC me on it with a comment as to why they were doing so, and I'd look at it, often assigning it to myself or a suitable person in the process. I can't also go around explicitly getting their accounts ahead of time and giving them an additional ACL, as in many cases they haven't had existing Bugzilla accounts. They also might be adding a CC to the upstream developer (I've seen upstreams ask elsewhere to be added to bugs sometimes). WRT to userrel, I'm saying: 1. The first time a user does this inappropriately, warn them yourselves. 2. The second time, alert userrel, official warning here. 3. The third time, tell userrel, and bugzilla admins block their account for BugZilla abuse. Because really, the users you want to block from adding CC data, they are abusing BugZilla due to their own perceived lack of progress. I'm with Robin. Users can't assign, so they CC. We take away CC, so they e-mail developers directly, we take e-mail away, they mail me letters filled with anthrax. I think the real question for Userrel is: "Why are users doing this?" and I suspect the answer is "Users want more attention on their bugs." Which leads to two more questions: "Why are bugs not getting the attention they deserve?" and "How can we provide users with a means to bring attention to bugs without annoying developers and bug-wranglers?" I think part of the answer is bugday, part of the answer is bug voting (enabled at one point I thought?) and perhaps others. Thanks antarus. Bug voting is enabled, and somewhat used. I think there's no harm in mailing a bug number to someone privately. It's obvious how we would end up having to trade off doing private mail instead of "allowed CCing", which probably happens a few dozens of times a month, with inconveniencing bug-wranglers who have to deal with this problem half a dozen times a day, even more so when the queue builds up, with added work because a list of a dozen or more CCs has to be ploughed through, and you're not going to inconvenience yourself. Adding more workload educating users is an entirely different consideration and shouldn't burden the average bug wrangler. For one thing, we've had better and better bug reporting documentation and it's done nothing much so far - users still file vague bug reports without the required info (emerge --info, build log and so on). Apart from that, users CC arch teams on their own, link to other bug reports (which is mere bug spam if they just wanted to draw attention, and is yet another workaround for the Assignee field restrictions that people like to employ), file duplicate bug reports for even newer version bumps because they can't change the Summary field either. Some users simply try to get you to walk through their installation process or X configuration with them. If we start snitching to userrel on the first, innocent offence, we're just going to burden ourselves and userrel further. And if you as ebuild developer want to have unprivileged users CC you immediately, then you can opt to extend the ACL system to suit your own needs - I do not have that option and I don't want it, but I can't believe you're trying to make the case that, wearing your developer hat, you don't see the problem. @antarus: Thanks for the private mail FUD. That's really meant to improve user relations? (In reply to comment #6) > I'm with Robin. Users can't assign, so they CC. We take away CC, so they > e-mail developers directly, we take e-mail away, they mail me letters filled > with anthrax. > > I think the real question for Userrel is: > > "Why are users doing this?" and I suspect the answer is "Users want more > attention on their bugs." Which leads to two more questions: > > "Why are bugs not getting the attention they deserve?" and > "How can we provide users with a means to bring attention to bugs without > annoying developers and bug-wranglers?" > > I think part of the answer is bugday, part of the answer is bug voting (enabled > at one point I thought?) and perhaps others. I agree with both Robin and Alec in the above. (In reply to comment #5) > WRT to userrel, I'm saying: > 1. The first time a user does this inappropriately, warn them yourselves. > 2. The second time, alert userrel, official warning here. > 3. The third time, tell userrel, and bugzilla admins block their account for > BugZilla abuse. > > Because really, the users you want to block from adding CC data, they are > abusing BugZilla due to their own perceived lack of progress. I agree with Robin that the above sounds the best procedure. I have user edit privileges, so I can also take care of 3 if / when required. so i think we agreed this is a WONTFIX ? *** Bug 392653 has been marked as a duplicate of this bug. *** *** Bug 497864 has been marked as a duplicate of this bug. *** |
