Bug 1822380: Update the documentation that linking security bugs is OK now r=dveditz

Differential Revision: https://phabricator.services.mozilla.com/D172591
2023-03-15 13:40:25 +00:00 · 2023-03-15 13:40:25 +00:00 · 2683c42a77
commit 2683c42a77
parent 9730f3f5d5
1 changed files with 4 additions and 5 deletions
--- a/docs/bug-mgmt/processes/security-approval.rst
+++ b/docs/bug-mgmt/processes/security-approval.rst
@ -41,11 +41,10 @@ Filing / Managing Bugs
   filing, instead of filing them as open bugs and then closing later.
   This is not always possible, but attention to this, especially when
   filing from crash-stats, is helpful.
-  Avoid linking it to non-security bugs with Blocks, Depends,
-   Regressions, or See Also, especially if those bugs may give a hint to
-   the sort of security issue involved. Mention the bug in a comment on
-   the security bug instead. We can always fill in the links later after
-   the fix has shipped.
+-  It is _ok_ to link security bugs to non-security bugs with Blocks,
+   Depends, Regressions, or See Also. Users with the editbugs permission
+   will be able to see the reference, but not view a restricted bug.
+   Users without the permission will not be able to see the link.

 Developing the Patch
 ~~~~~~~~~~~~~~~~~~~~