Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-2828

User permissions for the SECURITY issues

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      At the moment in the Jenkins CI jira datadog security issues are being reported to the SECURITY project and assigned to "Datadog HQ" user. This is correct but this user email cannot really be accessed by employees at the company. I'd like to create a filter subscription on my own email to get notified about new issues assigned to this user. With that end I've registered on Jenkins CI with another datadog email account (Julia Simon)  but it seems I don't have permissions to see the relevant issues.

      How could I get permissions for this?

        Attachments

          Activity

          Hide
          danielbeck Daniel Beck added a comment -

          We do not consider people "maintainers" in various contexts (governance, security, …) unless they are able to release the component, and the YAML file controls that. Commit permission makes them just committers

          Show
          danielbeck Daniel Beck added a comment - We do not consider people "maintainers" in various contexts (governance, security, …) unless they are able to release the component, and the YAML file controls that. Commit permission makes them just committers
          Hide
          datadog Datadog HQ added a comment -

          Ok, then I can change the email of this user to a mailing list we can actually read. What are the implications of that?

          Show
          datadog Datadog HQ added a comment - Ok, then I can change the email of this user to a mailing list we can actually read. What are the implications of that?
          Hide
          danielbeck Daniel Beck added a comment -

          None in theory for the Jenkins project.

          In practice my advise would be: Have a plan for job changes/people succession (which "mailing list" sounds like, not a personal email address) and don't reject outside email now or in the future. Anything that would cause you to lose access to the account could cause problems.

          Show
          danielbeck Daniel Beck added a comment - None in theory for the Jenkins project. In practice my advise would be: Have a plan for job changes/people succession (which "mailing list" sounds like, not a personal email address) and don't reject outside email now or in the future. Anything that would cause you to lose access to the account could cause problems.
          Hide
          danielbeck Daniel Beck added a comment -

          Oh, and at the risk of stating the obvious: Anyone who can receive email to the email address can enter the Jenkins account. Anyone who can do that can file issues related to plugin governance, like changing maintainership.

          (We've discussed things like detaching plugin ownership from the accounts that have upload permissions in the past among some infra contributors, but don't have implemented any of that yet.)

          Show
          danielbeck Daniel Beck added a comment - Oh, and at the risk of stating the obvious: Anyone who can receive email to the email address can enter the Jenkins account. Anyone who can do that can file issues related to plugin governance, like changing maintainership. (We've discussed things like detaching plugin ownership from the accounts that have upload permissions in the past among some infra contributors, but don't have implemented any of that yet.)
          Hide
          datadog Datadog HQ added a comment -

          don't reject outside email now or in the future

          Yes, that was precisely the issue with the current email. I've set it now to another mailing list that is accessible by the maintainers only.

          Show
          datadog Datadog HQ added a comment - don't reject outside email now or in the future Yes, that was precisely the issue with the current email. I've set it now to another mailing list that is accessible by the maintainers only.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            datadog Datadog HQ
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: