On 30/05/18 18:59, Sarah Julia Kriesch wrote:
Gesendet: Mittwoch, 30. Mai 2018 um 10:49 Uhr Von: "Michal Kubecek"
An: opensuse-factory@opensuse.org Cc: "Sarah Julia Kriesch" Betreff: Re: [opensuse-factory] Opening private bugs On Wednesday, 30 May 2018 10:11 Sarah Julia Kriesch wrote:
That's a topic for group security in Bugzilla. I know from other issue trackers, that it is possible, that attachments are only readable/ to download from a specific group in the project. So we can create groups like SUSE and openSUSE. We should try that with Bugzilla [1].
We actually already have a group for SUSE employees (and few others) and they are used for access control.
I would be surprised, if it isn't possible to have security rules for attachments. So customer data can be safe.
An attachment can be also flagged as private (like comments), that's not a problem. The problem is that there is no way to make them flagged automatically, so that human review is necessary before opening a bug, for both comments and attachments.
Michal Kubecek Hmmh... The default setting for attachments[2]: is_private = false
We have to figure out, how to change those default settings.
Best regards, Sarah
No we don't need to figure that out this is something for SUSE Engineering to work through, sometimes the Summary and bug description also contain private info that can't be shared. Making changes to whether bugs are public / private by default is something that requires organizational change within SUSE Engineering, we as the board were told at our face to face meeting that SUSE Engineering is already assessing the best options for this as they look at other changes to tooling and that we can expect a change in the medium term but not straight away. The mailing list was created as a temporary work around until better changes happen from SUSE Engineering. How SUSE chooses to report its bugs is not something the openSUSE Community can change, we can only tell them that there is an issue with the current way they are doing things. As it stands they are aware of the issue and are working to do something better but such changes take time. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B