Some good ideas here. Off the top of my head:
- I'm not sure whether the role should be something so specific as assign_issues. Yes, it's important that people (other than admins) be able to assign issues. The way the ticket tracker works, and the way this should probably be structured, too, is with three roles: external (just adding bugs), internal (developing code, assigning/fixing bugs), and admin. We can rename these roles to something more obvious, but I think those 3 levels of permission are specific enough.
- For submitting patches, try using the existing patch data model / code, so that a patch can be linked to a bug.
- CVS improvements: what are you thinking of doing there?
