Reed Loden wrote:
I thought the whole point of this "reorganizational proposal" was to
separate out the various products into separate security groups.
Bugzilla is a product to itself and should not be subject to security
bugs in other webtools. While there is some overlap between the
developers of Bugzilla and the other webtools, the groups are different
and should remain different, not tied to each other by the same mailing
list. Mailing lists are easy to create, so I don't see a problem with
having other lists for the other groups.
It seems that you are equating bugzilla groups to mailing lists. They
are not the really the same. You'd have a [EMAIL PROTECTED] address which
has filters set up to determine which mailing list to send the bugs to.
Nobody would actually subscribe to that address. It would forward bugs
to other list addresses. So, you could have one bugzilla group feed
multiple lists in this fashion. I could be entirely off-base, but the
email issue seems to me to be the real issue that people are trying to
solve, and I think it can be done without group refactoring as I've
outlined.
I seem to recall there being some bugs filed against Bonsai or something
which had impact on Bugzilla, but were first discovered using e.g.
Bonsai query strings and then applying similar techniques to Bugzilla.
I don't see why we would want to potentially sever this method of
discovering security bugs on the various webtool products, but I'm not
much involved with Bugzilla or Bonsai hacking these days, so I'll
eventually defer to others. My main point is that reorg'ing bugzilla
groupings to do e.g. procmail's job is rather silly.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
