Confirm, administrator
5,526
edits
Changes
Drafting initial text
== Bug Triage in Mozilla's CA Certificate Program==Mozilla’s [[CA:Overview|CA Certificate Program]] governs inclusion of root certificates in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The [[CA:IncludedCAs|NSS root certificate store ]] is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products.<br /><br />
The Bugzilla product/component for the CA Certificates Program is [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=mozilla.org mozilla.org :: CA Certificates].
<br /><br />The CA Certificate Program deviates from Mozilla's standardized [[Bugmasters/Process/Triage|Bugzilla Bug Triage]] process, in that the by not using bug priorities (P1, P2, P3, or P5) are not typically used , because the [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=mozilla.org CA Certificate bugs ] do not typically directly include code changes to Mozilla's release trains or iterations. <br /><br />[https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=mozilla.org&list_id=13429872 CA Certificate bugs] are used to:* Track root inclusion/change requests. When approved, the actual code changes are requested via a new [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=NSS Bugzilla Bug for NSS].* Track EV treatment enablement requests. When approved, the actual code changes are requested via a new [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=Security%3A%20PSM&product=Core Bugzilla Bug for PSM].* Concerns that are raised about certificates being issued by CAs, and the resulting action items for the CAs.* CA Program related concerns or action items. If it is determined that a code changes is needed, then a separate Bugzilla Bug will be created to request the code change.
In short, every new bug should either be prioritized as moved to a different component, or needinfo should be requested from someone. P1 means the bug should be fixed before the current Nightly branches to Aurora (and even uplifted as appropriate). P2 means the bug will be worked on "next" (basically, after P1s are taken care of). P3 means the bug is in the "should be fixed" backlog. Tracking or meta bugs are also P3. P5 is for bugs where patches would be reviewed and taken from contributors if appropriate, but otherwise won't be worked on. If a bug has had an unanswered needinfo flag for more than 2 weeks, it should be reevaluated (closing as incomplete, needinfo-ing another person, etc.).
