SecurityEngineering/PSM Bug Triage

Bug Triage in PSM

PSM essentially consists of Gecko code in security/ that is not in any of the subdirectories nss/, patches/, or sandbox/. The Bugzilla product/component for PSM is Core :: Security: PSM. Historically, many bugs related to or involving PSM have been filed in the component Security: UI. This component is going away soon, and all outstanding bugs will be moved to Security: PSM or a more appropriate place.

For team interoperability, PSM follows the new standardized Triage process (see that page for an explanation of the use of P1, P2, P3, and P5).

Internally, PSM makes use of a number of whiteboard tags for organizational and prioritization purposes.

• [psm-assigned] are bugs that currently have an assignee. These should all be P1.
• [psm-backlog] consists of the backlog of bugs we should fix in PSM. These should all be P2 or P3. If they are P1, they should have an assignee and the tag should be [psm-assigned].
• [psm-cleanup] consists of code maintenance bugs that would make development easier, but don't directly impact functionality. These are probably mostly P3 or P5.
• [psm-tracking] are meta bugs that track larger work. These should all be P3.
• [psm-deprecation] are bugs that involve deprecating weak cryptography
• [psm-clientauth] consists of bugs involved with TLS client authentication
• [psm-smartcard] are bugs involving PKCS#11 devices
• [psm-documentation] are bugs on writing or improving PSM documentation
• [psm-waiting] are bugs that are waiting on some external input
• [psm-blocked] are bugs that are blocked on other work
• [psm-intermittent] are bugs filed for intermittently failing tests in PSM