On Mon, 21 Nov 2022, Joel Brobecker wrote:

> * bug tracker (bugzilla)

I think this needs to go into more details.  Details of incoming email
handling (some Bugzilla installations don't use incoming email, we need to
be explicit about how it's a key feature used in our installations),
details of outgoing email handling, details of local changes to the
Bugzilla installation and how account creation is handled, for example.

>   - /sourceware/infra/bin/email-to-bugzilla
>
>         Sends a copy of commit messages to bugzilla if commit
>         has a PR number in it.

The fact that this currently seems to use SQL access to the database is a
really important thing to include in the list of services.  Remember that
we're trying for more isolation of components with minimal interfaces
between them, to improve security.  So if this script could be changed or
rewritten to use the (public) REST interface instead of SQL access to
check for whether bugs exist, that would be helpful.  (The fact that it
sends email to add to Bugzilla is also relevant, because it means that any
system running this script needs to be able to send email - and for any
system sending email, it will be necessary to avoid losing outgoing email
if it's a transient system and there's a transient email problem.)

In general, details of exactly what interfaces are used by components to
interact with others - especially if they make any assumptions about
direct database or filesystem access, or about different services being
hosted on the same system - are really important.  (This would then give a
list of cases where we should *change* the interfaces used to remove such
dependencies - for example, using the public read-only REST API to extract
information from Bugzilla instead of SQL access.)