php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63703 Bugmail is sent for private bug reports when changing bug type
Submitted: 2012-12-06 01:45 UTC Modified: 2016-06-25 15:40 UTC
From: aharvey@php.net Assigned:
Status: Verified Package: Systems problem
PHP Version: Irrelevant OS: Irrelephpant
Private report: No CVE-ID: None
 [2012-12-06 01:45 UTC] aharvey@php.net
Description:
------------
Bugmail was sent when the type of bug #62966 was changed from Security to Documentation, even though as far as I know the report has never been non-private — certainly the e-mail I received marked it as private.

Archive link: http://news.php.net/php.doc.bugs/9220


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-12-06 03:43 UTC] tyrael@php.net
-Status: Open +Status: Verified -Package: Website problem +Package: Translation problem
 [2012-12-06 03:43 UTC] tyrael@php.net
here is the relevant code:
http://git.php.net/?
p=web/bugs.git;a=blob;f=include/functions.php;h=2a8647c74ab99db00062b9060f1ab3ff
0e2cab6a;hb=HEAD#l1058

from that you can see that the private field has nothing to do with sending or 
not sending notification mails.
get_package_mail() has a clause which will force using the security@php.net as 
the default recipient list for a bug, but when you change the bug type from 
Security, that will not happen, and if there is a list_email set for that 
package in bugdb_pseudo_packages that address will be notified.
I think we should change the code to not send emails to the list_emails (and the 
currently hard coded $docBugEmail for Documentation Problems) if the private 
flag is set.
Apart from the security@ list there is only one package which has a non-public 
list_email which is PHP.net Systems Operation problem => systems@php.net.
And even for that list there is no reason to bother sending an email to that 
email address, because many of the people on that list doesn't have trusted dev 
or security dev access on bugsweb, so they couldn't see the bug anyways.

Would be nice if somebody could review my reasoning here before I commit it.
 [2012-12-06 17:59 UTC] tyrael@php.net
just pasting this from our irc conversation with philip and bjori:
if a bug (is private) AND (not Security bug type) AND (Documentation Problem 
bugtype OR it's package has a list_email address set which isn't a private 
address) then it will post notifications to a public list
 [2013-01-21 12:26 UTC] yannick@php.net
-Package: Translation problem +Package: Documentation problem
 [2016-06-25 15:40 UTC] cmb@php.net
-Package: Documentation problem +Package: Systems problem
 [2016-06-25 15:40 UTC] cmb@php.net
This is most certainly neither a documentation problem nor a
translation issue.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 06:01:30 2024 UTC