Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle cases where a private bug is closed as a duplicate of a public bug #2222

Open
suhaibmujahid opened this issue Sep 19, 2023 · 2 comments
Open

Handle cases where a private bug is closed as a duplicate of a public bug #2222

suhaibmujahid opened this issue Sep 19, 2023 · 2 comments
Labels
area-Metadata improvements area-Security

Comments

@suhaibmujahid
Copy link
Member

NOTE
CC @dveditz

Private bugs should not be closed as a duplicate of public bugs unless the public bug is already a known security bug (has a sec-foo keyword), then it's fine to make the hidden bug a duplicate.

If the public bug does not contain vulnerability details, the security bug should "depends on" the public bug instead of being closed as a duplicate.
@suhaibmujahid
Copy link
Member Author

Suggested solution: we could add a BugBot rule to reopen the private bug and mark it as “depends on” the public bug, unless the public bug already has a “sec-*” keyword.

@dveditz
Copy link
Member

dveditz commented Sep 21, 2023

It would be great to reference our security-bug dupe-handling guidelines. I'll try to get that into some appropriate place in Firefox source docs so you can switch to a publicly accessible link, but the above will do for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-Metadata improvements area-Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dveditz @suhaibmujahid