Security/Firefox security bug fixing: Difference between revisions



This is the responsibility of the security management team.
==Other bug cases==
===Sec-low, sec-moderate, sec-other, sec-want bugs===
The developer can land the patch without any explicit approval (sec-approval).
All other guidelines regarding keeping bug information private apply.
===Recent regressions (development branches only)===
If a specific regression check-in
* has been identified
and
* has never been shipped in anything other than a nightly build
and
* does not affect ESR and Beta
then the developer can land the patch without any explicit approval (sec-approval).
Tests can be landed after the issue has been fixed in all affected branches.
All other guidelines regarding keeping bug information private apply.
===Security-core bugs with no ratings===
If a security bug hasn’t received any rating, you should either rate it following the [[Security_Severity_Ratings]] before proceeding or request help from a more experienced Mozilla developer. If no one on your team can help, mail security@mozilla.org or ask in the #security channel. '''NOTE:''' #security is not private. Do NOT describe or explain the bug. Simply ask "Can someone give a security rating to bug XXXXX?" If the auto-linking bot isn't around, then an actual bug link is appreciated.


==Essentials==