[mapserver-dev] Motion: Updating the security reporting and workflow process
Even Rouault
even.rouault at spatialys.com
Fri Feb 28 09:06:46 PST 2020
On vendredi 28 février 2020 12:36:54 CET Jeff McKenna wrote:
> There is now a new alias that users can send an initial report to, that
> forwards to all PSC members: mapserver-security (at) osgeo (dot) org
>
> SteveL has also setup a private 'mapserver-private' repository on
> Github, to handle valid security reports, privately.
>
> So therefore:
>
> Motion: update documentation
> (https://mapserver.org/development/bugs.html) to list the steps to
> report a security concern, mentioning the first step of sending report
> to mapserver-security (at), and second step of a PSC member creating a
> ticket in the 'mapserver-private' repository.
As apparently there's a limit to the number of collaborators for a private
github repo, perhaps GitLab could be an option ?
Some doc at
https://docs.gitlab.com/ee/user/project/issues/confidential_issues.html
(I've not experience with that myself.)
Even
--
Spatialys - Geospatial professional services
http://www.spatialys.com
More information about the mapserver-dev
mailing list