Confirm, administrator
5,526
edits
Changes
Drafting initial text
== Bug Triage in CA Certificate Program==
Mozilla’s [[CA:Overview|CA Certificate Program]] governs inclusion of root certificates in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products.<br />
The Bugzilla product/component for the CA Certificates Program is [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=mozilla.org mozilla.org :: CA Certificates].
<br />
The CA Certificate Program deviates from Mozilla's standardized [[Bugmasters/Process/Triage|Triage]] process, in that the bug priorities (P1, P2, P3, or P5) are not typically used because the bugs do not typically directly include code changes to Mozilla's release trains or iterations.
In short, every new bug should either be prioritized as moved to a different component, or needinfo should be requested from someone. P1 means the bug should be fixed before the current Nightly branches to Aurora (and even uplifted as appropriate). P2 means the bug will be worked on "next" (basically, after P1s are taken care of). P3 means the bug is in the "should be fixed" backlog. Tracking or meta bugs are also P3. P5 is for bugs where patches would be reviewed and taken from contributors if appropriate, but otherwise won't be worked on. If a bug has had an unanswered needinfo flag for more than 2 weeks, it should be reevaluated (closing as incomplete, needinfo-ing another person, etc.).
After branching, bug priorities should be revisited. If a P1 is still open, it either needs to be deprioritized (maybe it isn't really a P1) or whatever is blocking its completion needs to be identified and dealt with. P2s and P3s should be considered for promotion to a higher priority. Assignees should be found for any bugs promoted to P1.
This is the list of [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20PSM&priority=--&n1=1&f1=flagtypes.name&o1=substring&v1=needinfo&resolution=---&chfield=[Bug%20creation]&chfieldto=Now&query_format=advanced&chfieldfrom=2016-06-01 untriaged bugs] according to the new process.
This is the list of [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20PSM&f1=flagtypes.name&o1=substring&v1=needinfo&f2=delta_ts&o2=lessthan&v2=14d&resolution=---&query_format=advanced bugs waiting on needinfo for more than 2 weeks] according to the new process.
Internally, PSM makes use of a number of whiteboard tags for organizational and prioritization purposes. They are as follows:
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-assigned] [psm-assigned]] are bugs that currently have an assignee. These should all be P1.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-backlog] [psm-backlog]] consists of the backlog of bugs we should fix in PSM. These should all be P2 or P3. If they are P1, they should have an assignee and the tag should be [psm-assigned].
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-cleanup] [psm-cleanup]] consists of code maintenance bugs that would make development easier, but don't directly impact functionality. These are probably mostly P3 or P5.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-tracking] [psm-tracking]] are meta bugs that track larger work. These should all be P3.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-deprecation] [psm-deprecation]] are bugs that involve deprecating weak cryptography
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-clientauth] [psm-clientauth]] consists of bugs involved with TLS client authentication
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-smartcard] [psm-smartcard]] are bugs involving PKCS#11 devices
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-documentation] [psm-documentation]] are bugs on writing or improving PSM documentation
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-waiting] [psm-waiting]] are bugs that are waiting on some external input
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-blocked] [psm-blocked]] are bugs that are blocked on other work
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-intermittent] [psm-intermittent]] are bugs filed for intermittently failing tests in PSM
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-would-take] [psm-would-take]] are bugs where we would review patches from contributors, but otherwise we won't be working on them. These should be P5.
These are the [https://bugzilla.mozilla.org/buglist.cgi?cmdtype=runnamed&namedcmd=psm-untriaged remaining untriaged bugs] with respect to internal bug management.
Mozilla’s [[CA:Overview|CA Certificate Program]] governs inclusion of root certificates in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products.<br />
The Bugzilla product/component for the CA Certificates Program is [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=mozilla.org mozilla.org :: CA Certificates].
<br />
The CA Certificate Program deviates from Mozilla's standardized [[Bugmasters/Process/Triage|Triage]] process, in that the bug priorities (P1, P2, P3, or P5) are not typically used because the bugs do not typically directly include code changes to Mozilla's release trains or iterations.
In short, every new bug should either be prioritized as moved to a different component, or needinfo should be requested from someone. P1 means the bug should be fixed before the current Nightly branches to Aurora (and even uplifted as appropriate). P2 means the bug will be worked on "next" (basically, after P1s are taken care of). P3 means the bug is in the "should be fixed" backlog. Tracking or meta bugs are also P3. P5 is for bugs where patches would be reviewed and taken from contributors if appropriate, but otherwise won't be worked on. If a bug has had an unanswered needinfo flag for more than 2 weeks, it should be reevaluated (closing as incomplete, needinfo-ing another person, etc.).
After branching, bug priorities should be revisited. If a P1 is still open, it either needs to be deprioritized (maybe it isn't really a P1) or whatever is blocking its completion needs to be identified and dealt with. P2s and P3s should be considered for promotion to a higher priority. Assignees should be found for any bugs promoted to P1.
This is the list of [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20PSM&priority=--&n1=1&f1=flagtypes.name&o1=substring&v1=needinfo&resolution=---&chfield=[Bug%20creation]&chfieldto=Now&query_format=advanced&chfieldfrom=2016-06-01 untriaged bugs] according to the new process.
This is the list of [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20PSM&f1=flagtypes.name&o1=substring&v1=needinfo&f2=delta_ts&o2=lessthan&v2=14d&resolution=---&query_format=advanced bugs waiting on needinfo for more than 2 weeks] according to the new process.
Internally, PSM makes use of a number of whiteboard tags for organizational and prioritization purposes. They are as follows:
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-assigned] [psm-assigned]] are bugs that currently have an assignee. These should all be P1.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-backlog] [psm-backlog]] consists of the backlog of bugs we should fix in PSM. These should all be P2 or P3. If they are P1, they should have an assignee and the tag should be [psm-assigned].
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-cleanup] [psm-cleanup]] consists of code maintenance bugs that would make development easier, but don't directly impact functionality. These are probably mostly P3 or P5.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-tracking] [psm-tracking]] are meta bugs that track larger work. These should all be P3.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-deprecation] [psm-deprecation]] are bugs that involve deprecating weak cryptography
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-clientauth] [psm-clientauth]] consists of bugs involved with TLS client authentication
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-smartcard] [psm-smartcard]] are bugs involving PKCS#11 devices
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-documentation] [psm-documentation]] are bugs on writing or improving PSM documentation
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-waiting] [psm-waiting]] are bugs that are waiting on some external input
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-blocked] [psm-blocked]] are bugs that are blocked on other work
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-intermittent] [psm-intermittent]] are bugs filed for intermittently failing tests in PSM
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-would-take] [psm-would-take]] are bugs where we would review patches from contributors, but otherwise we won't be working on them. These should be P5.
These are the [https://bugzilla.mozilla.org/buglist.cgi?cmdtype=runnamed&namedcmd=psm-untriaged remaining untriaged bugs] with respect to internal bug management.
