2016-08-15 19:12 GMT+02:00 Stanislav Malyshev <smalys...@gmail.com>: > Hi! > > I think the way security/private issues are implemented now in bugs DB > is wrong. It allows only access to a handful of people, and many package > maintainers and people that know the code in question are excluded. This > makes promptly handling bugs very hard. I propose one of: > > 1. Adding a lot more people to trusted list > 2. Implementing functionality allowing to add people to private bug on > per-bug basis. > > As a stepping stone for (2) I think we should always allow access to the > person the bug is assigned to. If I hear no objections, I'll implement > it first (the full fix probably requires DB access which I don't have).
For that to work, we probably need user accounts first for those without PHP.net account. It's anyway bad to have per bug passwords instead of simple user accounts where you can see all your reported bugs without a PHP.net account. Regards, Niklas
