A general and boring explanation on how access restrictions are
handled/configured in Bugzilla currently. No opinions involved.
On Wed, 2014-06-25 at 21:18 -0700, Chris Steipp wrote:
There are a few cases where there may be legitimate private data in a
security bug ("look, sql injection, and here are some rows from the
user table!", "Hey, this was supposed to be suppressed, and I can see
it", "This user circumvented the block on this IP"). But there might
be ways to flag or categorize a report as also including private data?
Someone with more bugzilla experience would need to comment.
I'm not aware of any "standardized" way to do this. Current practice is
described in item 2 below.
In general, Bugzilla offers two things:
1) Access restriction to all tickets in a certain product by default
(like all tickets under "Security"). Only Bugzilla admins, members of
the security group, the bug reporter, and people explicitly CC'ed on
such a ticket can access such a ticket in such a product.
2) Separate from that, marking both attachments and specific comments in
a ticket as "private". It's configured so that it can be set and seen by
Bugzilla admins and members of the security group. There is a practice
(tradition?) to set the 'private' flag if somebody finds or notifies
about private data exposed (IPs, passwords, SSIDs), insults / personal
attacks, or spam. We don't have an explicit policy defined for setting
that flag.
A while ago I was told that people who by default have access to
Security tickets in Bugzilla need to have an NDA [1] in place.
andre
[1] https://en.wikipedia.org/wiki/Non-disclosure_agreement
--
Andre Klapper | Wikimedia Bugwrangler
http://blogs.gnome.org/aklapper/