canmove, Confirmed users
4,854
edits
Security/Security Bugs/EncryptedBugmail: Difference between revisions
Security/Security Bugs/EncryptedBugmail (view source)
Revision as of 19:00, 13 March 2012
, 13 March 2012no edit summary
No edit summary |
|||
| Line 2: | Line 2: | ||
This will change the default Bugzilla email notification for bugs in the "Security-Sensitive Core Bug" group to simply sending mail saying that a bug has changed with no details except for a link to the bug. In order to receive the same bug details for security bugs as normal bugs, Bugzilla users will need to install a PGP compatible public key or an S/MIME key in Bugzilla. | This will change the default Bugzilla email notification for bugs in the "Security-Sensitive Core Bug" group to simply sending mail saying that a bug has changed with no details except for a link to the bug. In order to receive the same bug details for security bugs as normal bugs, Bugzilla users will need to install a PGP compatible public key or an S/MIME key in Bugzilla. | ||
For members of the "Security-Sensitive Core Bug" group, you will _not_ be able to reset your password through email without uploading an encryption key. Password resets will only be available by contacting bugzilla-admin@mozilla.org. This is to keep password reset urls for sensitive accounts from being sent as a cleartext. | |||
There is basic information on Secure Mail [https://bugzilla.mozilla.org/page.cgi?id=securemail/help.html available] on Bugzilla that explains some of the functionality. | There is basic information on Secure Mail [https://bugzilla.mozilla.org/page.cgi?id=securemail/help.html available] on Bugzilla that explains some of the functionality. | ||
| Line 23: | Line 25: | ||
If you do not upload an encryption key and there is an update to a bug in a secure group, you will receive a notification that the bug has changed when it is updated but no details of the change. In order to view the details, you will need to visit the provided link in the e-mail to see the bug on Bugzilla. | If you do not upload an encryption key and there is an update to a bug in a secure group, you will receive a notification that the bug has changed when it is updated but no details of the change. In order to view the details, you will need to visit the provided link in the e-mail to see the bug on Bugzilla. | ||
Additionally, without uploading a key, you will not be able to reset your Bugzilla password over e-mail since the mail cannot be encrypted. You will require the assistance of | Additionally, without uploading a key, you will not be able to reset your Bugzilla password over e-mail since the mail cannot be encrypted. You will require the assistance of an administrator (bugzilla-admin@mozilla.org) for password resets. | ||
Here is a sample email you would receive if you have '''not''' uploaded an encryption key: | Here is a sample email you would receive if you have '''not''' uploaded an encryption key: | ||
-------- Original Message -------- | -------- Original Message -------- | ||
Subject: [Bug 1234] (Secure bug updated) | Subject: [Bug 1234] (Secure bug updated) | ||
Date: Thu, 01 Mar 2012 21:21:53 +0000 | Date: Thu, 01 Mar 2012 21:21:53 +0000 | ||
From: bugzilla-daemon@mozilla.org | From: bugzilla-daemon@mozilla.org | ||
To: you@mozilla.com | To: you@mozilla.com | ||
This email would have contained sensitive information, and you have not set | This email would have contained sensitive information, and you have not set | ||
a PGP/GPG key or SMIME certificate in the "Secure Mail" section of your user | a PGP/GPG key or SMIME certificate in the "Secure Mail" section of your user | ||
preferences. | preferences. | ||
In order to receive the full text of similar mails in the future, please | In order to receive the full text of similar mails in the future, please | ||
go to: | go to: | ||
https://bugzilla.mozilla.org/userprefs.cgi?tab=securemail | https://bugzilla.mozilla.org/userprefs.cgi?tab=securemail | ||
and provide a key or certificate. | and provide a key or certificate. | ||
You can see this bug's current state at: | You can see this bug's current state at: | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=1234 | https://bugzilla.mozilla.org/show_bug.cgi?id=1234 | ||
=== 4. I don't want to see these emails anymore, how do I turn them off? === | === 4. I don't want to see these emails anymore, how do I turn them off? === | ||