Re: Security problem - Mozilla

This is a discussion on Re: Security problem - Mozilla ; Partho, 2007/10/12, Partho.Mukherjee@desconsoft.com : > restrict the permission for changing the STATUS (New, Assigned, Resolved, > Verified, closed) to a specific person. How can the developer himself > change the status to verified and/or closed ? He should only be ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: Security problem

  1. Re: Security problem

    Partho,

    2007/10/12, Partho.Mukherjee@desconsoft.com :
    > restrict the permission for changing the STATUS (New, Assigned, Resolved,
    > Verified, closed) to a specific person. How can the developer himself
    > change the status to verified and/or closed ? He should only be able to


    this is in the documentation;
    http://www.bugzilla.org/docs/tip/htm...rmissions.html is
    probably what you're looking for.

    In my very personal opinion, you have quite another problem if
    your people are working irresponsibly. Getting them to work honestly
    is better than restricting them from cheating.


    Regards
    Marc

  2. Re: Security problem

    Marc Schumann wrote:
    > In my very personal opinion, you have quite another problem if
    > your people are working irresponsibly. Getting them to work honestly
    > is better than restricting them from cheating.


    My 2 cents: I had the same concern ... not because I thought anyone
    would intentionally try to circumvent QA, but because in its default
    setup it is possible for anyone with editbugs permissions to mistakenly
    (through ignorance of local workflow or otherwise) designate a bug as
    "VERIFIED" OR "CLOSED" before QA was complete and therefore take it off
    of QA's radar. Using the docs (and with almost no Perl knowledge) I
    changed my bugzilla install so that only those in a "quality assurance"
    group can select "VERIFIED" or "CLOSED". If I recall, it wasn't difficult.

+ Reply to Thread