[mapserver-dev] Motion: Updating the security reporting and workflow process

Steve Lime sdlime at gmail.com
Fri Feb 28 09:42:16 PST 2020


Only drag with that is contributors need osgeo ids.

On Fri, Feb 28, 2020 at 11:36 AM Michael Smith <michael.smith.erdc at gmail.com>
wrote:

> OSGeo has gitea in SAC. We can have a private mapserver repo there.
>
> Mike
>
> --
> Michael Smith
> OSGeo Foundation Treasurer
> treasurer at osgeo.org
>
> From: mapserver-dev <mapserver-dev-bounces at lists.osgeo.org> on behalf of Steve Lime <sdlime at gmail.com>
> Date: Friday, February 28, 2020 at 12:16 PM
> To: Even Rouault <even.rouault at spatialys.com>
> Cc: MapServer Dev Mailing List <mapserver-dev at lists.osgeo.org>
> Subject: Re: [mapserver-dev] Motion: Updating the security reporting and workflow process
>
> The collaborator limit does kinda suck. We can't host private repos under
> the MapServer account. GitHub wants projects to move to "teams" - $304/mo
> based on our current size. GitLab would certainly work for a single purpose
> private repo.
>
> On Fri, Feb 28, 2020 at 11:06 AM Even Rouault <even.rouault at spatialys.com>
> wrote:
>
> On Friday 28 February 2020 12:36:54 CET Jeff McKenna wrote:
> > There is now a new alias that users can send an initial report to, that
> > forwards to all PSC members: mapserver-security (at) osgeo (dot) org
> >
> > SteveL has also set up a private 'mapserver-private' repository on
> > GitHub, to handle valid security reports, privately.
> >
> > So therefore:
> >
> > Motion: update documentation
> > (https://mapserver.org/development/bugs.html) to list the steps to
> > report a security concern, mentioning the first step of sending a report
> > to mapserver-security (at), and the second step of a PSC member creating a
> > ticket in the 'mapserver-private' repository.
>
> As apparently there's a limit to the number of collaborators for a private
> GitHub repo, perhaps GitLab could be an option?
> Some doc at
> https://docs.gitlab.com/ee/user/project/issues/confidential_issues.html
> (I have no experience with that myself.)
>
> Even
>
> --
> Spatialys - Geospatial professional services
> http://www.spatialys.com
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-dev