Bug 162590
Summary: | owner of duped bug can't edit other bug owned by somebody else | ||
---|---|---|---|
Product: | [Community] Bugzilla | Reporter: | Alexandre Oliva <oliva> |
Component: | Bugzilla General | Assignee: | Simon Green <sgreen> |
Status: | CLOSED WONTFIX | QA Contact: | Kevin Baker <kbaker> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.6 | CC: | agk, ebaak, ineilsen, kbaker, sgreen |
Target Milestone: | --- | Keywords: | FutureFeature, Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-05-10 12:21:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Alexandre Oliva
2005-07-06 16:37:14 UTC
Red Hat Bugzilla is now using version 3.2 of the Bugzilla codebase and therefore this bug will need to be re-verified against the new release. With the updated code this bug may no longer be relevant or may have been fixed in the new code. Updating bug version to 3.2. for the security issues you mentioned we can not really implement this request. Actually, implementing security checking against privilege escalation, at the time of the dupe, would not only help avoid unintended leaks, but also avoid situations in which a public bug is duped against a restricted one. Ideally, the dupe should go the other way 'round, or the dupe shouldn't be put in place at all. IOW, we currently have a potential security problem that ought to be fixed, and so there's no reason to reject a feature that would rely on such a fix to be in place. I can clone this bug into another for the leak-avoidance feature, if it helps. I think the original idea is not worthwhile, but we could indeed do with a better solution to dealing with duplicates when the bugs concerned are in different sets of groups - a warning message perhaps explaining who (Cc/Groups) will now get/lose access to what that they didn't before, and making the person doing the action to confirm that is OK before proceeding. Red Hat Bugzilla is now using version 3.4 of the Bugzilla codebase and therefore this feature will need to be implemented against the new release. Updating bug version to 3.2. Red Hat has now upgraded to Bugzilla 3.6 and this bug will now be reassigned to that version. It would be helpful to the Bugzilla Development Team if this bug is verified to still be an issue with the latest version. If it is no longer an issue, then feel free to close, otherwise please comment that it is still a problem and we will try to address the issue as soon as we can. Thanks Bugzilla Development Team I believe what we currently have is sufficient. While the reporter of the duped bug cannot edit the bug details, they (as well as everyone with a RHBZ account) can add comments. The owner of the bug can then take the appropriate action. If we were to implement this, it would be a big extension that the Red Hat Bugzilla team would need to carry (since a Bug currently can only have one reporter) and maintain security for. -- simon |