A general and boring explanation on how access restrictions are
handled/configured in Bugzilla currently. No opinions involved.

On Wed, 2014-06-25 at 21:18 -0700, Chris Steipp wrote:
> There are a few cases where there may be legitimate private data in a
> security bug ("look, sql injection, and here are some rows from the
> user table!", "Hey, this was supposed to be suppressed, and I can see
> it", "This user circumvented the block on this IP"). But there might
> be ways to flag or categorize a report as also including private data?
> Someone with more bugzilla experience would need to comment.

I'm not aware of any "standardized" way to do this. Current practice is
described in item 2 below.

In general, Bugzilla offers two things: 

1) Access restriction to all tickets in a certain product by default
(like all tickets under "Security"). Only Bugzilla admins, members of
the security group, the bug reporter, and people explicitly CC'ed on
such a ticket can access such a ticket in such a product. 

2) Separate from that, marking both attachments and specific comments in
a ticket as "private". It's configured that it can be set and seen by
Bugzilla admins and members of the security group. There is a practice
(tradition?) to set the 'private' flag if somebody finds or notifies
about private data exposed (IPs, passwords, SSIDs), insults / personal
attacks, or spam. We don't have an explicit policy defined for setting
that flag.

A while ago I was told that people who by default have access to
Security tickets in Bugzilla need to have an NDA [1] in place.

andre

[1] https://en.wikipedia.org/wiki/Non-disclosure_agreement
-- 
Andre Klapper | Wikimedia Bugwrangler
http://blogs.gnome.org/aklapper/
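As an added illustration (this is not Bugzilla's code and not part of
Andre's message), the two independent layers described above modelled
in Python: layer 1 restricts who can open a ticket in a restricted
product at all (admins, security group, reporter, CC list), layer 2
hides individual comments/attachments flagged 'private' from everyone
who is not an admin or security-group member, even the reporter who
wrote them. The product name "Security", the group names, the sample
users and the sample comments are assumptions made up for the example.

```python
from dataclasses import dataclass, field

# Assumed configuration, mirroring the message: one restricted product,
# two privileged groups. Real Bugzilla stores this in its group/product
# settings; these names are placeholders for the example.
RESTRICTED_PRODUCTS = {"Security"}
PRIVILEGED_GROUPS = {"admin", "security"}


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()


@dataclass
class Comment:
    author: str
    text: str
    private: bool = False  # layer 2: the 'private' flag


@dataclass
class Bug:
    product: str
    reporter: str
    cc: set = field(default_factory=set)
    comments: list = field(default_factory=list)


def is_privileged(user: User) -> bool:
    """Bugzilla admin or member of the security group."""
    return bool(user.groups & PRIVILEGED_GROUPS)


def can_view_bug(user: User, bug: Bug) -> bool:
    """Layer 1: product-level restriction on the whole ticket."""
    if bug.product not in RESTRICTED_PRODUCTS:
        return True
    return is_privileged(user) or user.name == bug.reporter or user.name in bug.cc


def can_set_private(user: User) -> bool:
    """Only admins and the security group may flip the private flag."""
    return is_privileged(user)


def can_view_comment(user: User, bug: Bug, comment: Comment) -> bool:
    """Layer 2 applies on top of layer 1: a private comment is visible
    only to privileged users, regardless of who wrote it."""
    if not can_view_bug(user, bug):
        return False
    if comment.private:
        return is_privileged(user)
    return True


def visible_comments(user: User, bug: Bug) -> list:
    return [c for c in bug.comments if can_view_comment(user, bug, c)]


def mark_private(actor: User, comment: Comment) -> bool:
    """Flag a comment private; returns False if the actor is not allowed to."""
    if not can_set_private(actor):
        return False
    comment.private = True
    return True


def demo() -> dict:
    """Constructed scenario: a reporter files an SQL-injection ticket and
    pastes leaked rows in a second comment; a security-group member then
    flags that comment private. Returns how many comments each sample
    user can see (0 means they cannot open the ticket at all)."""
    sec = User("sec-member", frozenset({"security"}))
    reporter = User("reporter", frozenset())
    cc_dev = User("cc-dev", frozenset())
    outsider = User("outsider", frozenset())

    bug = Bug(product="Security", reporter="reporter", cc={"cc-dev"})
    bug.comments.append(Comment("reporter", "SQL injection in the search form"))
    leak = Comment("reporter", "proof: rows from the user table ...")
    bug.comments.append(leak)

    assert not mark_private(reporter, leak)  # reporter may not set the flag
    assert mark_private(sec, leak)           # security group may

    return {u.name: len(visible_comments(u, bug)) for u in (sec, reporter, cc_dev, outsider)}
```

The point worth noticing is the last line of demo(): the reporter and
the CC'ed developer can still open the ticket (layer 1 lets them in),
but once the leaked rows are flagged private they see only the first
comment, while someone outside the product restriction sees nothing.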


_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l