On Mon, Nov 21, 2022 at 3:56 PM Joseph Myers wrote:

> On Mon, 21 Nov 2022, Joel Brobecker wrote:
>
> > > * bug tracker (bugzilla)
>
> I think this needs to go into more details. Details of incoming email
> handling (some Bugzilla installations don't use incoming email, we need to
> be explicit about how it's a key feature used in our installations),
> details of outgoing email handling, details of local changes to the
> Bugzilla installation and how account creation is handled, for example.
>
> > > - /sourceware/infra/bin/email-to-bugzilla
> > >
> > > Sends a copy of commit messages to bugzilla if commit
> > > has a PR number in it.
>
> The fact that this currently seems to use SQL access to the database is a
> really important thing to include in the list of services. Remember that
> we're trying for more isolation of components with minimal interfaces
> between them, to improve security. So if this script could be changed or
> rewritten to use the (public) REST interface instead of SQL access to
> check for whether bugs exist, that would be helpful. (The fact that it
> sends email to add to Bugzilla is also relevant, because it means that any
> system running this script needs to be able to send email - and for any
> system sending email, it will be necessary to avoid losing outgoing email
> if it's a transient system and there's a transient email problem.)
>
> In general, details of exactly what interfaces are used by components to
> interact with others - especially if they make any assumptions about
> direct database or filesystem access, or about different services being
> hosted on the same system - are really important. (This would then give a
> list of cases where we should *change* the interfaces used to remove such
> dependencies - for example, using the public read-only REST API to extract
> information from Bugzilla instead of SQL access.)

Joel and Simon,

Can the GDB analysis be updated to the level of detail that Carlos provided for GLIBC in his separate message?

Thanks, David
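An added example, not part of the thread and not the sourceware script: one way the bug-existence check quoted above could go through Bugzilla's unauthenticated read-only REST endpoint (`GET /rest/bug/<id>`) instead of SQL, so the host running it needs no database credentials. The base URL, the PR reference pattern, the function names and the choice to treat a restricted bug as existing are assumptions.

```python
import json
import re
import urllib.error
import urllib.request

BASE_URL = "https://bugzilla.example.org"  # placeholder, not the real installation
# Assumed reference style ("PR 12345" or "PR component/12345"); the real
# script's pattern is not shown in the thread.
PR_RE = re.compile(r"\bPR\s+(?:[\w+-]+/)?(\d+)\b")


def http_fetch(url, timeout=10):
    """Unauthenticated GET; returns (status, body) for success and HTTP errors."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def bug_exists(bug_id, fetch=http_fetch, base_url=BASE_URL):
    """Answer from the REST API only; raise rather than guess on odd replies."""
    bug_id = int(bug_id)  # only a bare integer is ever interpolated into the URL
    status, body = fetch(f"{base_url}/rest/bug/{bug_id}?include_fields=id")
    try:
        doc = json.loads(body)
    except ValueError:
        raise RuntimeError(f"non-JSON reply (HTTP {status}) for bug {bug_id}")
    if not isinstance(doc, dict):
        raise RuntimeError(f"unexpected reply shape for bug {bug_id}")
    if doc.get("error"):
        if doc.get("code") == 101:  # Bugzilla error 101: bug id does not exist
            return False
        if doc.get("code") == 102:  # error 102: access denied, bug is restricted
            return True             # assumption: a restricted bug still "exists"
        raise RuntimeError(f"Bugzilla error {doc.get('code')} for bug {bug_id}")
    return any(b.get("id") == bug_id for b in doc.get("bugs", []))


def referenced_bugs(commit_message, fetch=http_fetch):
    """Sorted ids of bugs named in a commit message that Bugzilla confirms."""
    ids = sorted({int(m) for m in PR_RE.findall(commit_message)})
    return [i for i in ids if bug_exists(i, fetch)]
```

A transient failure (proxy error page, unknown error code) raises instead of returning False, so a caller can retry later rather than silently dropping the notification.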