This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Bug vandalism on sourceware.org bug tracker.
- From: Carlos O'Donell <carlos at redhat dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>, Florian Weimer <fweimer at redhat dot com>, Frank Eigler <fche at redhat dot com>, "Joseph S. Myers" <joseph at codesourcery dot com>, Andreas Schwab <schwab at suse dot de>
- Date: Tue, 17 May 2016 02:23:25 -0400
- Subject: Bug vandalism on sourceware.org bug tracker.
- Authentication-results: sourceware.org; auth=none
Andreas, Joseph, and Florian, I have granted all three of
you emergency 'set editbugs' bugzilla permissions. If we
get consensus on the process below I think we might just
grant this to everyone.
As some of you may know or have seen, we recently had some
vandalism on the sourceware.org bug tracker [1].
The vandalism has been undone, but the consequence is that
future new users will not have 'editbugs' capabilities.
New users will be able to create bugs, and comment on
existing bugs but will not be able to change fields like
version, component, etc.
Bugzilla admins (Roland and myself) will be able to set
'editbugs' for new users that request this.
Vandalism at the comment level can be removed with Tag:spam
tagging. Vandalism at the bug level should be even easier to
cleanup. It's the vandalism that changes important data that
was costly this time around. We had 91 issues that were
messed up and needed cleaning.
I am considering the somewhat unorthodox self-organizing
concept where we allow users to vouch for other users and
grant them 'editbugs' in a similar strategy to the one we
are using in the wiki. That would leave us with no single
point of failure in an admin. In the meantime I may reach
out to some of you and give you immediate emergency
'set editbugs' powers. This means you have the ability
to set 'editbugs' for all users. It isn't exactly a
self-organizing process because a bugzilla admin is still
required to grant the original 'set editbugs' power,
but it should be relatively easy to automatically grant
that power to all users who have 'editbugs' (more
automation).
Thoughts?
--
Cheers,
Carlos.
[1] https://sourceware.org/ml/overseers/2016-q2/msg00026.html