Mailinglist Archive: opensuse-factory (536 mails)

< Previous Next >
Re: [opensuse-factory] Opening private bugs


On 30/05/18 18:59, Sarah Julia Kriesch wrote:


Gesendet: Mittwoch, 30. Mai 2018 um 10:49 Uhr
Von: "Michal Kubecek" <mkubecek@xxxxxxx>
An: opensuse-factory@xxxxxxxxxxxx
Cc: "Sarah Julia Kriesch" <ada.lovelace@xxxxxx>
Betreff: Re: [opensuse-factory] Opening private bugs

On Wednesday, 30 May 2018 10:11 Sarah Julia Kriesch wrote:
That's a topic for group security in Bugzilla.
I know from other issue trackers, that it is possible, that
attachments are only readable/ to download from a specific group in
the project. So we can create groups like SUSE and openSUSE.
We should try that with Bugzilla [1].

We actually already have a group for SUSE employees (and few others) and
they are used for access control.

I would be surprised, if it isn't possible to have security rules for
attachments. So customer data can be safe.

An attachment can be also flagged as private (like comments), that's not
a problem. The problem is that there is no way to make them flagged
automatically, so that human review is necessary before opening a bug,
for both comments and attachments.

Michal Kubecek
Hmmh...
The default setting for attachments[2]:
is_private = false

We have to figure out, how to change those default settings.

Best regards,
Sarah


No we don't need to figure that out this is something for SUSE
Engineering to work through, sometimes the Summary and bug description
also contain private info that can't be shared.

Making changes to whether bugs are public / private by default is
something that requires organizational change within SUSE Engineering,
we as the board were told at our face to face meeting that SUSE
Engineering is already assessing the best options for this as they look
at other changes to tooling and that we can expect a change in the
medium term but not straight away.

The mailing list was created as a temporary work around until better
changes happen from SUSE Engineering. How SUSE chooses to report its
bugs is not something the openSUSE Community can change, we can only
tell them that there is an issue with the current way they are doing
things. As it stands they are aware of the issue and are working to do
something better but such changes take time.

--

Simon Lees (Simotek) http://simotek.net

Emergency Update Team keybase.io/simotek
SUSE Linux Adelaide Australia, UTC+10:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

< Previous Next >