|
|
Line 76: |
Line 76: |
|
| |
|
| This is the responsibility of the security management team. | | This is the responsibility of the security management team. |
|
| |
| ==Other bug cases==
| |
| ===Sec-low, sec-moderate, sec-other, sec-want bugs===
| |
|
| |
| The developer can land the patch without any explicit approval (sec-approval).
| |
|
| |
| All other guidelines regarding keeping bug information private apply.
| |
|
| |
| ===Recent regressions (development branches only)===
| |
|
| |
| If a specific regression check-in
| |
| * has been identified
| |
| and
| |
| * has never been shipped in anything other than a nightly build
| |
| and
| |
| * does not affect ESR and Beta
| |
|
| |
| then the developer can land the patch without any explicit approval (sec-approval).
| |
| Tests can be landed after the issue has been fixed in all affected branches.
| |
|
| |
| All other guidelines regarding keeping bug information private apply.
| |
|
| |
| ===Security-core bugs with no ratings===
| |
|
| |
| If a security bug hasn’t received any rating, you should either rate it following the [[Security_Severity_Ratings]] before proceeding or request help from a more experienced Mozilla developer. If no one on your team can help mail security@mozill.org or ask in the #security channel. '''NOTE:''' #security is not private. Do NOT describe or explain the bug. Simply ask "Can someone give a security rating to bug XXXXX?" If the auto-linking bot isn't around then an actual bug link is appreciated.
| |
|
| |
|
| ==Essentials== | | ==Essentials== |