This is the mail archive of the overseers@sourceware.org mailing list for the Sourceware project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: GCC Bugzilla account creation configuration

From: "Frédéric Buclin via overseers" <overseers at sourceware dot org>
To: "Frank Ch. Eigler" <fche at redhat dot com>, Joseph Myers <joseph at codesourcery dot com>
Cc: overseers at gcc dot gnu dot org
Date: Fri, 15 Sep 2017 00:26:24 +0200
Subject: Re: GCC Bugzilla account creation configuration
Authentication-results: sourceware.org; auth=none
References: <alpine.DEB.2.20.1708111425100.11919@digraph.polyomino.org.uk> <20170811163852.GA5265@ednor.casa.cgf.cx> <alpine.DEB.2.20.1708111719150.25255@digraph.polyomino.org.uk> <20170811174157.GA1002@ednor.casa.cgf.cx> <alpine.DEB.2.20.1708111808430.2884@digraph.polyomino.org.uk> <20170914122510.GG29130@redhat.com> <alpine.DEB.2.20.1709141231400.9358@digraph.polyomino.org.uk> <20170914123452.GA26649@redhat.com>
Reply-to: LpSolit at netscape dot net
Reply-to: Frédéric Buclin <LpSolit at netscape dot net>

Le 14. 09. 17 à 14:34, Frank Ch. Eigler a écrit :
>> [...]  It was said that it shouldn't be hard to change Bugzilla
>> locally so editusers can't change permission bits on users without
>> having changing those bits explicitly enabled.  [...]
> 
> Earlier testing indicated this has not been done, making the current
> arrangement unacceptably dangerous.


I don't know who said it shouldn't be hard to patch Bugzilla, but it
certainly wasn't me. I said it should be doable, which doesn't
necessarily means "easy". I didn't look at it yet.

David Edelsohn reaction was that "everyone is alert that we will be
watching". This sounded more like "no worry, we will be watching what
those power users do" than "please restrict power users privileges".

If the consensus is that we want to restrict privileges for those users,
then I will work on it. Depending on how invasive changes would be, I
could add a new "addusers" bit instead.

Frédéric

Follow-Ups:
- Re: GCC Bugzilla account creation configuration
  - From: Joseph Myers

References:
- GCC Bugzilla account creation configuration
  - From: Joseph Myers
- Re: GCC Bugzilla account creation configuration
  - From: Christopher Faylor
- Re: GCC Bugzilla account creation configuration
  - From: Joseph Myers
- Re: GCC Bugzilla account creation configuration
  - From: Christopher Faylor
- Re: GCC Bugzilla account creation configuration
  - From: Joseph Myers
- Re: GCC Bugzilla account creation configuration
  - From: Frank Ch. Eigler
- Re: GCC Bugzilla account creation configuration
  - From: Joseph Myers
- Re: GCC Bugzilla account creation configuration
  - From: Frank Ch. Eigler

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]