Red Hat Bugzilla – Bug 171634
Bugzilla knows only of confidential bugs, not of bugs with confidential triggers
Last modified: 2014-12-01 18:08:22 EST
Description of problem:
Bugzilla offers to keep all information about a bug confidential. But it has
happened to me a couple of times that the bug itself shouldn't be kept under
wraps, but the only test case I know can't be distributed publicly (i.e., an
internal document here). It would be nice if one could mark an attached test
case as "developer only" or some such.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Red Hat's current Bugzilla version is 2.18. I am moving all older open bugs to
this version. Any bugs against the older versions will need to be verified that
they are still bugs. This will help me also to sort them better.
Red Hat Bugzilla is now using version 3.2 of the Bugzilla codebase and therefore this bug will need to be re-verified against the new release. With the updated code this bug may no longer be relevant or may have been fixed in the new code.
Updating bug version to 3.2.
currently in bugzilla we can mark attachments and comments as private so only specific people would be able to see those parts of the bug, whereas the bug report itself can be made public. To be able to set attachments and comments to private and to see them you need to be in the insidergroup in bugzilla, and actually only redhat employees can be members of that group.
This is not enough to me. I did run into problems where the only known trigger was a file with sensitive data (like personal data and grades). For some reason or the other scrubbing the file (replacing by random numbers, names, ...) either was not an option or made the bug go away, or a made up file did not show the problem.
It'd be fine with me if only RH people (or some other similarly restricted group) can see such data, but not everybody.
BTW, how do I reopen a bug? This only gives me the CLOSED and ASSIGNED states.
Changing state to ASSIGNED is the same as reopening the bug. It also will add Reopened keyword as well to show up on people's search filters.
Red Hat Bugzilla is now using version 3.4 of the Bugzilla codebase and
therefore this feature will need to be implemented against the new release.
Updating bug version to 3.2.
Red Hat has now upgraded to Bugzilla 3.6 and this bug will now be reassigned to that version. It would be helpful to the Bugzilla Development Team if this bug is verified to still be an issue with the latest version. If it is no longer an issue, then feel free to close, otherwise please comment that it is still a problem and we will try to address the issue as soon as we can.
Bugzilla Development Team
(In reply to comment #4)
> This is not enough to me.
Unfortunately Bugzilla isn't equipped to handle this situation, as per Noura's comment. The best thing to do in this case is make a comment that you have a file that has confidential information. The bug assignee may ask you to e-mail them the file outside Bugzilla, and optionally add it to the bug as a private attachment only visible to people in the insiders group.