Re: [Bug 33169] KIndly update the date feature
On 2018-06-28, Jan Matèrne (jhm) wrote:
>>> Just curious about our bugzilla infrastructure - do random users get
>>> to change the content of these bugs, even if they aren't the ones who
>>> reported the issue?
>> Back when Bugzilla was introduced the developers and admins falsely
>> assumed only sensible people would be using the tool.
> Do you know if JIRA is more secure?
Depends on what "secure" means.
The ASF installations allow everybody to create accounts and everybody
to create new issues. This is a deliberate choice and is the same for
JIRA and Bugzilla - and is the best choice for an open source project
I'm not sure whether JIRA allows arbitrary users to modify existing
issues ither people have created. Of course you want everybody to be
able to comment, not so sure about the issue's title. I've just had a
look at the permissions on Commons Compress' JIRA project and "edit
issue" can only be done by people in certain roles while "create issue"
is allowed to the jira-users group - which is everybody with an account.
> Also against spam attacks?
When I complained too much about Bugzilla spam I was granted Admin
access so I could block spammers. :-)
I recall JIRA spam as well but it doesn't happen very often. Maybe the
account creation procedure for JIRA is more involved than for Bugzilla
so setting up accounts is more work for spammers and they prefer
Bugzilla as the easier target. I don't know. TBH I don't think there is
a big difference and we seem to be able to handle spam reasonably well.
> If yes, we could about thinking to migrate ...
I'm afraid a migration of the existing issues would be painful and we've
got a LONG history with lots of issues in Bugzilla.
I'm not convinced this kind of issue hijacking is happenening often
enough to be the only reason for switching the issue tracker :-)
To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxx
For additional commands, e-mail: dev-help@xxxxxxxxxxxxxx