[mapserver-dev] "Security/Vulnerability (Private)" tickets are not private

Even Rouault even.rouault at mines-paris.org
Fri Nov 8 12:00:50 PST 2013


The label "Security/Vulnerability (Private)" in github doesn't result in 
tickets that are only visible by the reporter or the security team. The 
tickets just seem to be world visible. See the following dummy ticket : 

I'm not sure if it can be solved. If not, we should probably remove that label 
and edit http://www.mapserver.org/development/bugs.html to have a more 
appropriate procedure.

It used to work with Trac if I remember well. Should we re-enable Trac tickets 
just for security related tickets ?


Geospatial professional services

More information about the mapserver-dev mailing list