Re: BTS "feature" comments
On Thu, Sep 23, 1999 at 08:35:06 -0700, Darren Benham wrote: > - Forwarded message from Samuel Tardieu <[EMAIL PROTECTED]> - > Non-developpers should not be allowed to *manipulate* bugs IMO. It would be nice to have a mechanism available to ensure this if there is indeed abuse of the BTS by non-developers; so far I haven't seen it, and I see no reason e.g. to prevent users from merging bug reports when they notice something has been reported already. Ray -- LEADERSHIP A form of self-preservation exhibited by people with auto- destructive imaginations in order to ensure that when it comes to the crunch it'll be someone else's bones which go crack and not their own. - The Hipcrime Vocab by Chad C. Mulligan
Re: BTS "feature" comments
>> Darren Benham <[EMAIL PROTECTED]> writes: > What do you think? well, for one, the submitter doesn't have to be a developer, and it's perfectly ok for the submitter to manipulate "his" bugs. I've always thought the rule "only the maintainer and the submitter are allowed to close bugs" to be a good one. In fact, as a submitter I've closed or reassigned bugs several times... as a maintainer, I've found some bugs have been reassigned or closed by the submitter, and I was pleased about it... > On 21/09, Darren Benham wrote: > > | And do what... there are going to be keys that aren't in the debian > keyring.. > > Non-developpers should not be allowed to *manipulate* bugs IMO. why would I start marking bugs in, say xfree, as fixed if I'm not the maintainer. I asked Branden about this once, and *he* asked me to submit reports to the corresponding bugs and, iirc, mark them fixed. But in that situation I had permission from the maintainer, which is a good thing. Marcelo
Re: BTS "feature" comments
On Thu, Sep 23, 1999 at 08:35:06AM -0700, Darren Benham was heard to say: > What do you think? > - Forwarded message from Samuel Tardieu <[EMAIL PROTECTED]> - > > > On 21/09, Darren Benham wrote: > > | And do what... there are going to be keys that aren't in the debian > keyring.. > > Non-developpers should not be allowed to *manipulate* bugs IMO. > > > > - End forwarded message - As a non-developer who has manipulated bugs.. I think that non-developers should be allowed to manipulate bugs that they are the submittors of. Several times now I've submitted bugs that either became outdated by a new release or turned out to be my own fault (eg, I reported a bug against lftp that was caused because a local install in /usr/local/bin which I had forgotten about was overriding my packaged installation in /usr/bin) but nevertheless was not closed -- in such cases, I generally send a message to (bug-num)@bugs.debian.org saying that the bug is not a bug anymore and should be closed. However, in a few cases I never got a response from the maintainer and decided to just close a bug myself. I think that I may once have reopened a bug that I reported when it was prematurely closed (that is, the maintainer closed it but I could still reproduce the problem in the supposedly fixed version), in preference to submitting a new bug report. I'm not sure about that, though. I may have just considered it. Are these shooting offenses? If so, I guess I should start keeping an eye out for the Debian Hit Squad.. :-/ Daniel -- Man is timid; he no longer says 'I think' or 'I am' but quotes some prophet or sage. -- Ralph Waldo Emerson, "Self-Reliance"
Re: BTS "feature" comments
| As a non-developer who has manipulated bugs.. [...] | a bug anymore and should be closed. However, in a few cases I never got a | response from the maintainer and decided to just close a bug myself. [...] | Are these shooting offenses? If so, I guess I should start keeping an eye | out for the Debian Hit Squad.. :-/ Of course not, but only the package maintainer is supposed to close bugs on her package. Even other Debian developers should use the fixed state. If, as a non-developer, notice a bug that should be closed and have no request from the maintainer of the package, then you should ask on debian-devel that someone closes the bug, after checking that the bug does not exist anymore. And in a perfect life, all the developers should answer requests in a timely manner. Sam pgpHUjwtWVmmX.pgp Description: PGP signature
Re: BTS "feature" comments
On Thu, Sep 23, 1999 at 06:23:27PM +0200, Samuel Tardieu wrote: > Of course not, but only the package maintainer is supposed to close bugs on > her package. Even other Debian developers should use the fixed state. > Unless somebody's changed something while I wasn't looking, Debian accepts submitters closing bugs they've submitted, also pgpHk57qFumHr.pgp Description: PGP signature
Re: BTS "feature" comments
Previously Darren Benham wrote: > - Forwarded message from Samuel Tardieu <[EMAIL PROTECTED]> - > | And do what... there are going to be keys that aren't in the debian > keyring.. The reason I mentioned this on a bugreport was that it would be very easy to check if a signature is correct if we have the key available. From there it would be easy to make it only possible for developers to modify the BTS if we want to go that way, but right now I'm not convinced we should go that way. Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/ pgpf2DhDMwzMB.pgp Description: PGP signature
Re: BTS "feature" comments
On Thu, Sep 23, 1999 at 08:35:06AM -0700, Darren Benham wrote: > > | And do what... there are going to be keys that aren't in the debian > > keyring.. > > > > Non-developpers should not be allowed to *manipulate* bugs IMO. > > What do you think? Make me PGP/GPG/whatever sign all messages I send to [EMAIL PROTECTED], and I shall become your mortal enemy :> :) Next step would be signing everything sent to the BTS, then everything sent to debian-* mailing lists... please, don't. If anyone puts trash in the BTS because there is no authentication, we'll handle it. I'll even volunteer to clean it up. -- enJoy -*/\*- don't even try to pronounce my first name
Re: BTS "feature" comments
About security on the BTS: Don't introduce a system with `pre-security', let's use `post-security'... what do I mean? The following: Make every action undoable and advertised, e.g.: if someone manipulates a bug in any way the maintainer gets an email. I think that that's how it's working now, so... don't touch it.. =)
