Bug 171634 - Bugzilla knows only of confidential bugs, not of bugs with confidential triggers
Bugzilla knows only of confidential bugs, not of bugs with confidential triggers
Product: Bugzilla
Classification: Community
Component: Bugzilla General (Show other bugs)
All Linux
medium Severity medium (vote)
: ---
: ---
Assigned To: Simon Green
Kevin Baker
: FutureFeature, Reopened
Depends On:
  Show dependency treegraph
Reported: 2005-10-24 12:13 EDT by Horst H. von Brand
Modified: 2014-12-01 18:08 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-05-10 09:04:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Horst H. von Brand 2005-10-24 12:13:12 EDT
Description of problem:
Bugzilla offers to keep all information about a bug confidential. But it has
happened to me a couple of times that the bug itself shouldn't be kept under
wraps, but the only test case I know can't be distributed publicly (i.e., an
internal document here). It would be nice if one could mark an attached test
case as "developer only" or some such.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 David Lawrence 2006-04-08 13:43:28 EDT
Red Hat's current Bugzilla version is 2.18. I am moving all older open bugs to
this version. Any bugs against the older versions will need to be verified that
they are still bugs. This will help me also to sort them better.
Comment 2 David Lawrence 2008-09-16 12:53:52 EDT
Red Hat Bugzilla is now using version 3.2 of the Bugzilla codebase and therefore this bug will need to be re-verified against the new release. With the updated code this bug may no longer be relevant or may have been fixed in the new code.
Updating bug version to 3.2.
Comment 3 Noura El hawary 2008-12-01 21:41:42 EST
currently in bugzilla we can mark attachments and comments as private so only specific people would be able to see those parts of the bug, whereas the bug report itself can be made public. To be able to set attachments and comments to private and to see them you need to be in the insidergroup in bugzilla, and actually only redhat employees can be members of that group.
Comment 4 Horst H. von Brand 2008-12-02 09:38:22 EST
This is not enough to me. I did run into problems where the only known trigger was a file with sensitive data (like personal data and grades). For some reason or the other scrubbing the file (replacing by random numbers, names, ...) either was not an option or made the bug go away, or a made up file did not show the problem.

It'd be fine with me if only RH people (or some other similarly restricted group) can see such data, but not everybody.

BTW, how do I reopen a bug? This only gives me the CLOSED and ASSIGNED states.
Comment 5 David Lawrence 2008-12-02 11:37:04 EST
Changing state to ASSIGNED is the same as reopening the bug. It also will add Reopened keyword as well to show up on people's search filters.
Comment 6 David Lawrence 2010-01-15 12:32:17 EST
Red Hat Bugzilla is now using version 3.4 of the Bugzilla codebase and
therefore this feature will need to be implemented against the new release.
Updating bug version to 3.2.
Comment 7 David Lawrence 2010-08-25 17:40:16 EDT
Red Hat has now upgraded to Bugzilla 3.6 and this bug will now be reassigned to that version. It would be helpful to the Bugzilla Development Team if this bug is verified to still be an issue with the latest version. If it is no longer an issue, then feel free to close, otherwise please comment that it is still a problem and we will try to address the issue as soon as we can.

Bugzilla Development Team
Comment 9 Simon Green 2012-05-10 09:04:42 EDT
(In reply to comment #4)
> This is not enough to me.

Unfortunately Bugzilla isn't equipped to handle this situation, as per Noura's comment. The best thing to do in this case is make a comment that you have a file that has confidential information. The bug assignee may ask you to e-mail them the file outside Bugzilla, and optionally add it to the bug as a private attachment only visible to people in the insiders group.

Note You need to log in before you can comment on or make changes to this bug.