Offering full attachment isolation to Bugzilla installations
Gervase Markham
gerv at mozilla.org
Fri Oct 2 08:18:30 UTC 2015
On 02/10/15 02:32, Jason Mcdonald wrote:
> Do you have any thoughts on how this would work for non-production
> instances of Bugzilla?
Well, in general people should not be running non-production instances
of Bugzilla on databases which contain confidential information. So the
need for full attachment isolation is much reduced.
However, I see the need for test instances to be configured the same as
production instances. Therefore...
> At Red Hat, we have a permanent public-facing test server, several
> permanent internal test servers and a bunch of developer instances that
> tend to come and go over time.
...in your case, I would suggest that you acquire
redhat.bzattachments.org for your production server,
redhat-test.bzattachments.org for your permanent public-facing test
server, and configure the rest not to use a separate attachment domain.
Hopefully, the number of things Bugzilla does differently based on this
setting is not too great, so the risk of introducing a bug which is not
detected is small.
Gerv
_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla
More information about the developers
mailing list