Craig Dunigan wrote on 3/10/08 10:39 AM:
> On Mon, 10 Mar 2008, Craig Dunigan wrote:
> For the "official" patch, would it be beneficial for me to code it so
> that I replace "developer group" with "logged in user," and make the
> display suppression also dependent on login status? Is that what most
> people actually want?


That might be a good start. For open systems like Mozilla's Bugzilla
where anyone can create an account, we probably want it more restrictive
than that though. We have a few hundred thousand users, and it's well
worth a spammer's time to register for an account to be able to mine
that many addresses. In our case, limiting it to users with "editbugs"
privs would probably work well. We hand out editbugs fairly freely, but
generally they need to be active users that are actually working on
things. So probably the best way to do it is allow a configurable group
to be able to see such info (and we would set that to editbugs on
b.m.o). People who want it generally available could leave that group
blank (or create a group with a .* regexp and use that).

--
Dave Miller http://www.justdave.net/
System Administrator, Mozilla Corporation http://www.mozilla.com/
Project Leader, Bugzilla Bug Tracking System http://www.bugzilla.org/