Drew Jensen wrote:
> HI,
>
> Well, I kind of stepped in it for a few minutes today
and then I did
> what I thought was right to clean up the mess.
>
> So, now I would like to hear if others think how I
handled it was
> correct.
>
> I started by going to test issue#76129
> <http://www.openoffice.org/issues/show_bug.cgi?id=76129
>
>
> After verifying that I could indeed assign a macro to
an event ( Open
> Document ) on an embedded Base form I decided to to see
if this had,
> perhaps, had any side effects on issue #52527
>
> In testing the second issue I became convinced that I
was seeing a
> regression such that macro security settings where not
being honored.
>
> I did what seemed appropriate - Fist by making a
comment in 52527 and
> referring to Issue 76129 as the cause of the
regression. Tagging 76129
> to refer back to 52527. I then ran a new test, with a
non-embedded
> newly created separate Writer file - and not thinking
clearly just
> followed by steps and again used a library supplied
macro.
>
> At this point I decided I should raised the alarm.by
entering a new
> Issue 82587 and setting the component for this issue to
Framework,
> since that is my understanding for where scripting
issues, and
> therefor macro security issues, belong.
>
> Alright after a couple of minutes passed I realized my
mistake. I had
> used a library supplied macro for the initial test of
Issue 76129, I
> carried this database use, and this setup over, to test
52527. Then
> just followed my own mistaken steps in running my
sanity check test.
>
> In other words all my tests where INVALID for macro
security settings.
>
> At that point I figure I am about to get people in a
lather because of
> my entering 82587 so - I try to put the genie back in
the bottle, or
> yell that the sky is not falling ( pick your metaphor
). I marked
> 82587 as INVALID, went back and did the same for my
comments at 76129
> and 52527.
>
> OK - I'm human and I made a mistake, I apologize. On
the up side I
> suppose ( spin control here maybe ) one could say that
having a legion
> of testers shows that if a security issue like that
arose for real it
> would most likely be caught quickly. Then again the
internal QA group
> would most likely of caught it long before I would see
it.
>
> However, it is the last step I took that I am wondering
about.
>
> If a community tester, such as myself, raises such a
serious security
> issue and then goes back and says 'OOOPS I made a
mistake' as I did,
> should I really CLOSE that mistaken issue myself. I am
thinking now
> that I really had two mistakes this afternoon. For
something like
> this, I should have asked that someone else in the QA
group double
> check that I truly was mistaken and they close it. It
just seems like
> a better way to handle this type of ( hopefully very
infrequent )
> occurrence.
>
> Any thoughts on any of what I did today? What should I
have done, if
> anything, differently?
>
> Thanks
>
> Drew " slightly embarrassed" Jensen
>
Sorry, still messing up...jees. Just for clarity.
When I realized my mistake I did go back and re-run everyone
of the
previous tests ( and a couple more ) using a macro actually
embedded in
the respective document types, before I marked the raised
issue(s) as
invalid.
------------------------------------------------------------
---------
To unsubscribe, e-mail: dev-unsubscribe qa.openoffice.org
For additional commands, e-mail: dev-helpqa.openoffice.org
|