CA/Bug Triage

From MozillaWiki
Revision as of 22:06, 6 February 2017 by Kathleen Wilson (Drafting initial text)

Bug Triage in Mozilla's CA Certificate Program

Mozilla’s CA Certificate Program governs inclusion of root certificates in Network Security Services (NSS), a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products.

The Bugzilla product/component for the CA Certificates Program is mozilla.org :: CA Certificates.

The CA Certificate Program deviates from Mozilla's standardized Bugzilla Bug Triage process by not using bug priorities (P1, P2, P3, or P5), because CA Certificate bugs do not directly include code changes to Mozilla's release trains or iterations.

CA Certificate bugs are used to track:

  • Root inclusion/change requests. When approved, the actual code changes are requested via a new Bugzilla Bug for NSS.
  • EV treatment enablement requests. When approved, the actual code changes are requested via a new Bugzilla Bug for PSM.
  • Concerns that are raised about certificates being issued by CAs, and the resulting action items for the CAs.
  • CA Program related concerns or action items. If it is determined that a code change is needed, then a separate Bugzilla Bug will be created to request the code change.
  • CA Audit statements, when they are not published on webtrust.org, the auditor's website, or the CA's website.

The CA Program whiteboard tags:

  • [psm-assigned] are bugs that currently have an assignee. These should all be P1.
  • [psm-backlog] consists of the backlog of bugs we should fix in PSM. These should all be P2 or P3. If they are P1, they should have an assignee and the tag should be [psm-assigned].
  • [psm-cleanup] consists of code maintenance bugs that would make development easier, but don't directly impact functionality. These are probably mostly P3 or P5.
  • [psm-tracking] are meta bugs that track larger work. These should all be P3.
  • [psm-deprecation] are bugs that involve deprecating weak cryptography.
  • [psm-clientauth] consists of bugs involved with TLS client authentication.
  • [psm-smartcard] are bugs involving PKCS#11 devices.
  • [psm-documentation] are bugs on writing or improving PSM documentation.
  • [psm-waiting] are bugs that are waiting on some external input.
  • [psm-blocked] are bugs that are blocked on other work.
  • [psm-intermittent] are bugs filed for intermittently failing tests in PSM.
  • [psm-would-take] are bugs where we would review patches from contributors, but otherwise we won't be working on them. These should be P5.

These are the remaining untriaged bugs with respect to internal bug management.