Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 214413 - problem filing/modifying restricted bugs for unprivileged users
Summary: problem filing/modifying restricted bugs for unprivileged users
Status: RESOLVED LATER
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Bugzilla (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Bugzilla Admins
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-03-23 17:27 UTC by Matthias Geerdsen (RETIRED)
Modified: 2011-10-30 23:16 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Geerdsen (RETIRED) gentoo-dev 2008-03-23 17:27:51 UTC 
When using the advanced form to file a bug, normal users don't have the necessary  checkbox ("Only users in...") to restrict a bug to Gentoo Security. Also if I file a restricted bug and CC a user, he is able to access the bug, but not to modify it . Trying to post a comment results in 
"Not allowed You tried to change the CC list accessible? field from 1 , but only the assignee or reporter of the bug, or a sufficiently empowered user may change that field." The checkboxes this error message complains about, are not there for normal users.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-03-23 19:32:36 UTC 
That's how the bugzilla2 security has always worked. Wait for bugzilla3 if you want anything different.
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2008-03-23 20:42:40 UTC 
hm... then for how long has this been the case for bugs.g.o? It would mean our (security@g.o) one of our documented ways of confidentially contacting us has not been working. So it is really not possible for a regular user to comment on a restricted bug even if he is on the CC list? What does a user need to be able comment on those bugs then, editbugs priv? This really is a problem for our handling of restricted bugs in certain cases.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2008-03-23 22:32:06 UTC 
(In reply to comment #0)
> When using the advanced form to file a bug, normal users don't have the
> necessary  checkbox ("Only users in...") to restrict a bug to Gentoo Security.

Yeah, thanks got they haven't any more. See Bug 122990 and don't ever introduce this back.
Comment 4 Matthias Geerdsen (RETIRED) gentoo-dev 2008-03-23 23:13:50 UTC 
jakub, I very well remember the problems we had with users filing restricted bugs outside the security project... I still have a saved search for all sec restricted bugs from that time. And there really is no need for users being able to file security restricted bugs in any project but Gentoo Security. 
The problem that came up is that they are not allowed to post restricted bugs in the sec product and that has been one of the ways to contact us regarding confidential issues which has been documented on security.g.o for a long time. What really makes it complicated now is that if we file a restricted bug and want to CC the original reporter on it so he can give more input, that is not possible (see bug desc).
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2008-03-23 23:23:03 UTC 
(In reply to comment #4)
> What really makes it complicated now is that if we file a restricted bug and
> want to CC the original reporter on it so he can give more input, that is not
> possible (see bug desc).

This works perfectly fine for normal bugs, and works perfectly fine for Developer Relations product; IOW you can comment just normally if people in CC are allowed to access the bug. Why it wouldn't work for Gentoo Security product, really no idea.