>> Bite the bullet and at least make all CC'd people able to see all
>> patches, always. It's needed.
>
>Yeah, that's the direction I think we should take.
Good, thanks.
>For now, we will implement exact syncing of the CC list + reporter as the
>revision's subscriber list. This means that
On Saturday, 26 August 2017 00:40:08 UTC-4, Randell Jesup wrote:
> >And don't forget reporter and assignees. Occasionally a reporter not in the
> >security group will notice that a patch is insufficient which is nicer to
> >find before the patch is committed than after the commit link is added to
>On Wed, Aug 9, 2017 at 11:32 AM, Mark Côté wrote:
>
>> I actually like Gijs's proposal, to mirror *from* Phabricator *to* BMO.
>> That way, if you're looking at the bug and want to pull someone in, you CC
>> them; if you're looking at the fix and want to involve someone, you
Having both reported, fixed and reviewed security bugs, I feel a
uni-directional sync from Phabricator to BMO is not going to cut it. I
think it will be unexpected for most users and might just lead to
additional "why can I not see the patch" bug comments.
I understand that it's more work, but I
On Wed, Aug 9, 2017 at 11:32 AM, Mark Côté wrote:
> I actually like Gijs's proposal, to mirror *from* Phabricator *to* BMO.
> That way, if you're looking at the bug and want to pull someone in, you CC
> them; if you're looking at the fix and want to involve someone, you add
>
For brevity and clarity I'm just replying to Dan here, but I am attempting to
address other points raised so far in this thread.
On Wednesday, 9 August 2017 13:07:08 UTC-4, Daniel Veditz wrote:
> On Tue, Aug 8, 2017 at 5:30 PM, Mark Côté wrote:
>
> > I am not sure how often
On Tue, Aug 8, 2017 at 5:30 PM, Mark Côté wrote:
> I am not sure how often CCed users are involved with confidential bugs'
> patches
> [
> ] Anecdotally I have been told that a lot of the time users are CCed
> just to be informed of the problem, e.g. a manager might
On Wed, Aug 9, 2017 at 12:20 AM, Axel Hecht wrote:
> I think we should strive to have as few people as possible with general
> access to security bugs.
We do. We've reduced the number of people with access, and split the
"client" security group into ~10 sub groups so that
On Tue, Aug 8, 2017 at 11:38 PM, Nicolas B. Pierron <
nicolas.b.pier...@mozilla.com> wrote:
> However, users outside of the security group(s) can see confidential bugs
>> if they are involved with them in some way. Frequently the CC field is
>> used as a way to include outsiders in a bug.
>
>
>
On 08/08/2017 08:30 PM, Mark Côté wrote:
First I want to double check that this is truly useful. I am not sure how
often CCed users are involved with confidential bugs' patches (I might be able
to ballpark this with some Bugzilla searches, but I don't think it would be
easy to get a straight
On 09/08/2017 01:30, Mark Côté wrote:
If you have any thoughts on this, please reply. I'll answer any questions and
summarize the feedback with a decision in a few days. Note that we can, of
course, try a simple approach to start, and add in more complex functionality
after an evaluation
private-attachment thing that Nicolas
mentioned.
Axel
On 09.08.17 at 02:30, Mark Côté wrote:
(Cross-posted to mozilla.tools)
Hi, I have an update and a request for comments regarding Phabricator and
confidential reviews.
We've completed the functionality around limiting access to Differential
On 08/09/2017 12:30 AM, Mark Côté wrote:
Hi, I have an update and a request for comments regarding Phabricator and
confidential reviews.
First of all, thanks for considering confidential bugs as part of this
process. This was my main reason for not using moz-review.
We've completed