There are several bugs a day pasted in IRC channels regarding website updates, SQL, and routine things that should be public and are of interest to webdev in general, yet they are in the "infra" group because someone either forgot to uncheck the box or doesn't understand that they _should_ uncheck the box for such things in almost all circumstances. I don't know how many of the bugs filed should actually be marked infra as I can't see them, but I think the default of the box should be unchecked, the warning changed to something like "If this is an internal issue, such as _____________, please check this box", and that the box should be moved to the bottom above submit where it is more noticeable. I guess it would add a slight risk that someone would file an IT request publicly that should be marked infra, but we take the same risk with security bugs not automatically being marked as security sensitive until someone that understands the issue reviews it. Alternative solutions that are less open in general: - Adding webdev to infra group - Changing the associated group from infra back to mozillaorgconfidential, and any super secret infra bugs can be marked as such by infra.

Another idea is changing the one checkbox into three radio buttons. Basically, something like this: Privacy (Mozilla is very open... blah blah blah): o Public o Restricted to Mozilla employees o Restricted to Mozilla IT ... and use JS to force users to pick an option (with the default for when JS is disabled going to "restricted to Mozilla employees") Thoughts?

Already talked to mike about this. Given the sensitivity of some of the bugs that come in through the help desk form, and even some that don't (that should have the flag set), this isn't something I am comfortable doing. People don't think about the confidentiality issues when they submit these bugs through the form (I can show 100's of examples), as they are generally the less technical users. Looking through a lot of the bugs now that are marked as infra-only, they really should be - only a subset should not be. That said, I don't want to change this, but am happy to cc or remove the infra flag as needed for bugs. Furthermore, I think it would be easier to educate the few people who put bugs in with the flag set how to uncheck the box on submitting...

Reed has a good idea, though.

If we all agree that people can't tell the difference between: ( ) private ( ) public Then we can leave this as WONTFIX.

given this is such an issue - reed thought we could move the checkbox and bold the text. if this will help the issue, then we should do it. to reed for implementation.

I think it would also help if there was a list of things that should be private and things that should be public, so that if someone isn't sure, they can just look. Either an inline list or a link to somewhere would work.

Moves the checkbox, adds an attachment option, and does some other clean-up.

Committing to: bzr+ssh://dm-bugstage01.mozilla.org/bzr/bmo/3.0/ modified template/en/custom/bug/create/create-itrequest.html.tmpl Committed revision 5189.

Does this also fix the issue that the reporter of the ticket can't uncheck the "IT private" restriction if they realize later that it's not private?

(In reply to comment #9) > Does this also fix the issue that the reporter of the ticket can't uncheck the > "IT private" restriction if they realize later that it's not private? No, that's a separate issue. Please note that we don't currently allow people who file security bugs to uncheck the security checkbox, even though our policy (http://www.mozilla.org/projects/security/security-bugs-policy.html) says we do. People can always request that the group be removed, and with the change made by this bug, hopefully people will just uncheck the box before filing.

Ah, OK. I'm probably a common offender, because I don't use the submit button (just enter in a one-line text field) when submitting in bugzilla; too much scrolling and too many controls to tweak all of them and move to the clicky) so I was hoping I would be able to undo my mistakes. :)

If you don't need to restrict a bug to IT only, there's nothing you can do with the IT request form that you can't do with normal enter_bug.cgi, if that helps.

Except know what the categories should be, and how severity maps to urgency, which is the reason that I use the form!

(Maybe we should be putting IT requests in some other system, since if that entire class of issue needs to generally be perma-private -- unlike security bugs, which are only private until they're resolved, more or less -- it seems a poor fit for our shared bugzilla.)