Bug vandalism on sourceware.org bug tracker.

[Carlos O'Donell <carlos at redhat dot com>]

Andreas, Joseph, and Florian, I have granted all three of
you emergency 'set editbugs' bugzilla permissions. If we
get consensus on the process below I think we might just
grant this to everyone.

As some of you may know or have seen, we recently had some 
vandalism on the sourceware.org bug tracker [1]. 

The vandalism has been undone, but the consequence is that
future new users will not have 'editbugs' capabilities.

New users will be able to create bugs, and comment on
existing bugs but will not be able to change fields like
version, component, etc. 

Bugzilla admins (Roland and myself) will be able to set
'editbugs' for new users that request this.

Vandalism at the comment level can be removed with Tag:spam
tagging. Vandalism at the bug level should be even easier to 
cleanup. It's the vandalism that changes important data that
was costly this time around. We had 91 issues that were 
messed up and needed cleaning.

I am considering the somewhat unorthodox self-organizing
concept where we allow users to vouch for other users and
grant them 'editbugs' in a similar strategy to the one we
are using in the wiki. That would leave us with no single
point of failure in an admin. In the meantime I may reach
out to some of you and give you immediate emergency 
'set editbugs' powers. This means you have the ability
to set 'editbugs' for all users. It isn't exactly a
self-organizing process because a bugzilla admin is still
required to grant the original 'set editbugs' power,
but it should be relatively easy to automatically grant
that power to all users who have 'editbugs' (more
automation).

Thoughts?

-- 
Cheers,
Carlos.

[1] https://sourceware.org/ml/overseers/2016-q2/msg00026.html