Only vetted users should be able to close webcompat reports

[adamopenweb]

In the current state of webcompat.com, any user that is logged into Github can close a report. It is done through our friend @webcompat-bot, who acts as proxy to Github.

There is a possibility that a person could close an issue before it's been properly triaged. For me, since I haven't worked on the bug, I wouldn't notice it. This could happen at other points in the process too, but maybe less risk as we'd get an email about it.

@miketaylr mentioned we could restrict closing bugs to org members and create a light weight process to join that org.

[karlcow]

before properly triaged

What do you mean here? Some scenarios would help. Asking because I'm preparing a janitor script #1251 for bugs not properly labeled when being closed.

Some thoughts

• How people like @TheWebJustWorks close bugs?
• What would be the process for joining?

[adamopenweb]

@karlcow I don't think anyone looked at these:
webcompat/web-bugs#4871
webcompat/web-bugs#5060

They clearly aren't valid, but it made me realize that someone could close a bug, even change labels and it could take some time before we notice, if at all.

[adamopenweb]

I'm thinking of two scenarios that probably haven't happened yet.

• A newer contributor closes an issue they can't reproduce, properly labels, but is a real bug we're interested in
• Someone with bad intentions figures out they can mess around with the website, with just a Github account

[karlcow]

so these two you are mentionning will be detected by the janitor script as closed without a specific label. There is a proposal for #1305 enforcing a status when closing. I guess a closing without a comment is another red-herring.

For the two other cases: new contributor and bad intended persons, indeed it is possible. The second is more problematic than the first one because harder to revert.

but yes indeed the more we are known, the more likely it will happen. If we put forward such a process of vetted participation for closing bugs. I wonder what would be the process.

[miketaylr]

I like the idea of the janitor script providing a report for issues that need investigation.

That said,

How people like @TheWebJustWorks close bugs?

They're part of the @webcompat/collaborators team, so they would have access (their current team status means they can close issues via GitHub as well).

What would be the process for joining?

If we went this route, I would want it to be light-weight. Probably a discussion topic for Berlin.

[miketaylr]

Decision: let's stick with the janitor script for now. We can revisit the idea of team/org membership in the future, because we're interested in that.

[miketaylr]

Let's close in favor of #1251.

[zoepage]

@miketaylr

Let's close in favor of #1251.

Is there a reason we did not close?

[miketaylr]

Nah, probably just forgot.