|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63703 Bugmail is sent for private bug reports when changing bug type
Submitted: 2012-12-06 01:45 UTC Modified: 2016-06-25 15:40 UTC
From: Assigned:
Status: Verified Package: Systems problem
PHP Version: Irrelevant OS: Irrelephpant
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-12-06 01:45 UTC]
Bugmail was sent when the type of bug #62966 was changed from Security to Documentation, even though as far as I know the report has never been non-private — certainly the e-mail I received marked it as private.

Archive link:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-12-06 03:43 UTC]
-Status: Open +Status: Verified -Package: Website problem +Package: Translation problem
 [2012-12-06 03:43 UTC]
here is the relevant code:

from that you can see that the private field has nothing to do with sending or 
not sending notification mails.
get_package_mail() has a clause which will force using the as 
the default recipient list for a bug, but when you change the bug type from 
Security, that will not happen, and if there is a list_email set for that 
package in bugdb_pseudo_packages that address will be notified.
I think we should change the code to not send emails to the list_emails (and the 
currently hard coded $docBugEmail for Documentation Problems) if the private 
flag is set.
Apart from the security@ list there is only one package which has a non-public 
list_email which is Systems Operation problem =>
And even for that list there is no reason to bother sending an email to that 
email address, because many of the people on that list doesn't have trusted dev 
or security dev access on bugsweb, so they couldn't see the bug anyways.

Would be nice if somebody could review my reasoning here before I commit it.
 [2012-12-06 17:59 UTC]
just pasting this from our irc conversation with philip and bjori:
if a bug (is private) AND (not Security bug type) AND (Documentation Problem 
bugtype OR it's package has a list_email address set which isn't a private 
address) then it will post notifications to a public list
 [2013-01-21 12:26 UTC]
-Package: Translation problem +Package: Documentation problem
 [2016-06-25 15:40 UTC]
-Package: Documentation problem +Package: Systems problem
 [2016-06-25 15:40 UTC]
This is most certainly neither a documentation problem nor a
translation issue.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jul 14 02:01:28 2024 UTC