Re: [Bug 33169] KIndly update the date feature

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [Bug 33169] KIndly update the date feature

Jaikiran Pai
Just curious about our bugzilla infrastructure - do random users get to
change the content of these bugs, even if they aren't the ones who
reported the issue?

-Jaikiran


On 28/06/18 9:05 AM, [hidden email] wrote:

> https://bz.apache.org/bugzilla/show_bug.cgi?id=33169
>
> Ranjeet Mane <[hidden email]> changed:
>
>             What    |Removed                     |Added
> ----------------------------------------------------------------------------
>              Summary|ClearCase update produces   |KIndly update the date
>                     |verbose output---request    |feature
>                     |standard output suppression |
>                     |feature                     |
>            Component|Optional SCM tasks          |Core
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [Bug 33169] KIndly update the date feature

Stefan Bodewig
On 2018-06-28, Jaikiran Pai wrote:

> Just curious about our bugzilla infrastructure - do random users get
> to change the content of these bugs, even if they aren't the ones who
> reported the issue?

Yes.

Back when Bugzilla was introduced the developers and admins falsely
assumed only sensible people would be using the tool.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

AW: [Bug 33169] KIndly update the date feature

Jan Matèrne (jhm)
> > Just curious about our bugzilla infrastructure - do random users get
> > to change the content of these bugs, even if they aren't the ones who
> > reported the issue?
>
> Yes.
>
> Back when Bugzilla was introduced the developers and admins falsely
> assumed only sensible people would be using the tool.
>
> Stefan

Do you know if JIRA is more secure?
Also against spam attacks?
If yes, we could about thinking to migrate ...

Jan


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [Bug 33169] KIndly update the date feature

Gintautas Grigelionis
On Thu, 28 Jun 2018 at 11:43, Jan Matèrne (jhm) <[hidden email]> wrote:

> > > Just curious about our bugzilla infrastructure - do random users get
> > > to change the content of these bugs, even if they aren't the ones who
> > > reported the issue?
> >
> > Yes.
> >
> > Back when Bugzilla was introduced the developers and admins falsely
> > assumed only sensible people would be using the tool.
> >
> > Stefan
>
> Do you know if JIRA is more secure?
> Also against spam attacks?
> If yes, we could about thinking to migrate ...
>
> Jan
>

Jira has roles [1]; Bugzilla has groups, but I cannot figure out whether
they could be as flexible or easy to administrate.

Gintas

[1]
https://confluence.atlassian.com/jirakb/jira-permissions-made-simple-717062767.html
Reply | Threaded
Open this post in threaded view
|

Re: [Bug 33169] KIndly update the date feature

Stefan Bodewig
In reply to this post by Jan Matèrne (jhm)
On 2018-06-28, Jan Matèrne (jhm) wrote:

>>> Just curious about our bugzilla infrastructure - do random users get
>>> to change the content of these bugs, even if they aren't the ones who
>>> reported the issue?

>> Yes.

>> Back when Bugzilla was introduced the developers and admins falsely
>> assumed only sensible people would be using the tool.

> Do you know if JIRA is more secure?

Depends on what "secure" means.

The ASF installations allow everybody to create accounts and everybody
to create new issues. This is a deliberate choice and is the same for
JIRA and Bugzilla - and is the best choice for an open source project
IMHO.

I'm not sure whether JIRA allows arbitrary users to modify existing
issues ither people have created. Of course you want everybody to be
able to comment, not so sure about the issue's title. I've just had a
look at the permissions on Commons Compress' JIRA project and "edit
issue" can only be done by people in certain roles while "create issue"
is allowed to the jira-users group - which is everybody with an account.

> Also against spam attacks?

When I complained too much about Bugzilla spam I was granted Admin
access so I could block spammers. :-)

I recall JIRA spam as well but it doesn't happen very often. Maybe the
account creation procedure for JIRA is more involved than for Bugzilla
so setting up accounts is more work for spammers and they prefer
Bugzilla as the easier target. I don't know. TBH I don't think there is
a big difference and we seem to be able to handle spam reasonably well.

> If yes, we could about thinking to migrate ...

I'm afraid a migration of the existing issues would be painful and we've
got a LONG history with lots of issues in Bugzilla.

I'm not convinced this kind of issue hijacking is happenening often
enough to be the only reason for switching the issue tracker :-)

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [Bug 33169] KIndly update the date feature

Stefan Bodewig
On 2018-06-28, Stefan Bodewig wrote:

> The ASF installations allow everybody to create accounts and everybody
> to create new issues. This is a deliberate choice and is the same for
> JIRA and Bugzilla - and is the best choice for an open source project
> IMHO.

> I'm not sure whether JIRA allows arbitrary users to modify existing
> issues ither people have created. Of course you want everybody to be
> able to comment, not so sure about the issue's title.

https://www.youtube.com/watch?v=MO_AVjSPuBw&list=PLq-odUc2x7i-1f8XW3aYwGRc7YoWcCIxA&index=19

around minute 18 Mark explains why our Bugzilla is configured the way it
is.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

AW: [Bug 33169] KIndly update the date feature

Jan Matèrne (jhm)
Thanks, will have a look tomorrow.
Sounds like we should keep BZ as it is.

Jan

> -----Ursprüngliche Nachricht-----
> Von: Stefan Bodewig [mailto:[hidden email]]
> Gesendet: Donnerstag, 28. Juni 2018 13:27
> An: [hidden email]
> Betreff: Re: [Bug 33169] KIndly update the date feature
>
> On 2018-06-28, Stefan Bodewig wrote:
>
> > The ASF installations allow everybody to create accounts and
> everybody
> > to create new issues. This is a deliberate choice and is the same for
> > JIRA and Bugzilla - and is the best choice for an open source project
> > IMHO.
>
> > I'm not sure whether JIRA allows arbitrary users to modify existing
> > issues ither people have created. Of course you want everybody to be
> > able to comment, not so sure about the issue's title.
>
> https://www.youtube.com/watch?v=MO_AVjSPuBw&list=PLq-odUc2x7i-
> 1f8XW3aYwGRc7YoWcCIxA&index=19
>
> around minute 18 Mark explains why our Bugzilla is configured the way
> it is.
>
> Stefan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email] For additional
> commands, e-mail: [hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]