Reed Loden wrote:
On Wed, 31 Jan 2007 10:43:54 -0500
Christopher Aillon <[EMAIL PROTECTED]> wrote:
Can we get a good explanation as to how people will be flooded with
bugmail first? I fail to see how that is the case. Sure, if they
watch the security@ alias, but not with proper component watching and
mail filtering. It's only slightly more of a setup per individual,
but not by much.
The individual(s) in question that hack on AUS are not members of the
security group. morgamic is the main hacker (actually, according to
Bonsai, he's the only one that has touched code in
mozilla/webtools/aus/), and he's not a member of the security group.
There may be other people that work on AUS (not positive on this, so
don't quote me!) that are not members of the security group, so they
would also have to be added if AUS was only under security instead of
its own separate group.
However, if morgamic (and any other AUS developers that may or may not
exist) were to be added to the security group, the need for a separate
security group for AUS would be greatly diminished. I guess it is up to
dveditz for the decision on this, though.
Either way, he needs to be added to some security sensitive group, and I
still don't see why we need to create a group just for him, with maybe
(it seems we're not even sure) other people in it.
If you think he's a good candidate that needs access to security bugs,
the process is typically to nominate him by posting to security-group@
with justification. I'll let someone else do this, though as I don't
have much experience working with him.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
