I've noticed we have a SECURITY keyword on bugs.gentoo.org, but only 79
bugs have it, and doesn't seem to be actively used, so it seems to only
add confusion.

What do you think about removing it?

On 01/17/2011 05:54 PM, "Paweł Hajdan, Jr." wrote:
> I've noticed we have a SECURITY keyword on bugs.gentoo.org, but only 79
> bugs have it, and doesn't seem to be actively used, so it seems to only
> add confusion.
>
> What do you think about removing it?
>

All 79 bugs would need a fix then. We can't remove used keywords/groups
and so on.

--
Regards,
Christian Ruppert
Role: Gentoo Linux developer, Bugzilla administrator and Infrastructure
member
Fingerprint: EEB1 C341 7C84 B274 6C59 F243 5EAB 0C62 B427 ABC8

On 1/17/11 6:00 PM, Christian Ruppert wrote:
> All 79 bugs would need a fix then. We can't remove used keywords/groups
> and so on.

Only two bugs with SECURITY keywords are still open:

https://bugs.gentoo.org/buglist.cgi?query_format=advanced&short_desc_type= allwordssubstr&short_desc=&long_desc_type=substrin g&long_desc=&bug_file_loc_type=allwordssubstr&bug_ file_loc=&status_whiteboard_type=allwordssubstr&st atus_whiteboard=&keywords_type=allwords&keywords=S ECURITY&bug_status=NEW&bug_status=ASSIGNED&bug_sta tus=REOPENED&emailassigned_to1=1&emailtype1=substr ing&email1=&emailassigned_to2=1&emailreporter2=1&e mailcc2=1&emailtype2=substring&email2=&bugidtype=i nclude&bug_id=&votes=&chfieldfrom=&chfieldto=Now&c hfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as +last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0=

Does anyone still use the SECURITY keyword? It doesn't seem to be a part
of Security or Infrastructure teams' documented practices.

* ""Paweł Hajdan, Jr."" <phajdan.jr@gentoo.org>:
> I've noticed we have a SECURITY keyword on bugs.gentoo.org, but only 79
> bugs have it, and doesn't seem to be actively used, so it seems to only
> add confusion.
>
> What do you think about removing it?

What sort of confusion does SECURITY add?
Do other keywords[1] like "Bug" add confusion too?

Is it worthwhile to remove the SECURITY keyword from 79 bugs...

...if you consider that (if everyone gets keyword-changes bugzilla mails,
it's an "Email Preference"[2] configurable in bugzilla)
79 mails are sent to 11 + 63 + other CC'ed recipients?

...if the keyword modification mails weren't sent
but one of our infra members had to spend time on this?


[1] https://bugs.gentoo.org/describekeywords.cgi
[2] https://bugs.gentoo.org/userprefs.cgi?tab=email

On 1/18/11 2:45 PM, Torsten Veller wrote:
> What sort of confusion does SECURITY add?

I started thinking about it when https://bugs.gentoo.org/351922 was
filed (this is only an example).

The SECURITY keyword is not applied consistently (~80 bugs total), but
the description says "Add this on all security related issues."

> Do other keywords[1] like "Bug" add confusion too?

Yes, the same way.

> Is it worthwhile to remove the SECURITY keyword from 79 bugs...
>
> ...if you consider that (if everyone gets keyword-changes bugzilla mails,
> it's an "Email Preference"[2] configurable in bugzilla)
> 79 mails are sent to 11 + 63 + other CC'ed recipients?

I wonder how many e-mails would be sent if we used the "Change several
bugs at once" Bugzilla feature. My guess is just one e-mail.

> ...if the keyword modification mails weren't sent
> but one of our infra members had to spend time on this?

Oh, I guess infra would reject spending time on this (low benefit to
effort ratio indeed).

Maybe we can just update description of obsolete KEYWORDS with something
like "*** DEPRECATED *** don't use for new bugs". That should be easy
and address most of my original point.

On 1/18/11 3:31 PM, "Paweł Hajdan, Jr." wrote:
>
>> Is it worthwhile to remove the SECURITY keyword from 79 bugs...

It is not, we would have told you before if you had actually asked
us................. (hoping you get the hint)

>>
>> ...if you consider that (if everyone gets keyword-changes bugzilla mails,
>> it's an "Email Preference"[2] configurable in bugzilla)
>> 79 mails are sent to 11 + 63 + other CC'ed recipients?
>
> I wonder how many e-mails would be sent if we used the "Change several
> bugs at once" Bugzilla feature. My guess is just one e-mail.

No, one email per bug.

>
> Maybe we can just update description of obsolete KEYWORDS with something
> like "*** DEPRECATED *** don't use for new bugs". That should be easy
> and address most of my original point.
>

Do that if it restores your inner peace, but leave the keyword in place
on old bugs.

* Alex Legler <a3li@gentoo.org>:
> On 1/18/11 3:31 PM, "Paweł Hajdan, Jr." wrote:
> >
> >> Is it worthwhile to remove the SECURITY keyword from 79 bugs...
>
> It is not, we would have told you before if you had actually asked
> us................. (hoping you get the hint)

Paweł actually asked: "What do you think about removing it?"
Why can't "we" (whoever it is) answer here?
--
Piece Torsten

On 1/18/11 4:06 PM, Torsten Veller wrote:
> * Alex Legler <a3li@gentoo.org>:
>> On 1/18/11 3:31 PM, "Paweł Hajdan, Jr." wrote:
>>>
>>>> Is it worthwhile to remove the SECURITY keyword from 79 bugs...
>>
>> It is not, we would have told you before if you had actually asked
>> us................. (hoping you get the hint)
>
> Paweł actually asked: "What do you think about removing it?"
> Why can't "we" (whoever it is) answer here?

"we": the team that sounds like that keyword he wants to remove.
Security has a dedicated contact address, and I have made it clear in
previous conversations that we like to be asked directly (and *not* on
$random_mailinglist inbetween dozens of other things) before any things
related to our responsibility happen.