[mapserver-dev] "Security/Vulnerability (Private)" tickets are not private

Even Rouault even.rouault at mines-paris.org
Tue Nov 12 11:55:52 PST 2013


Anyone to comment on this ? This wasn't just a purely theoretical question. I 
have actually something to report.

> Hi,
> 
> The label "Security/Vulnerability (Private)" in github doesn't result in
> tickets that are only visible by the reporter or the security team. The
> tickets just seem to be world visible. See the following dummy ticket :
> https://github.com/mapserver/mapserver/issues/4806
> 
> I'm not sure if it can be solved. If not, we should probably remove that
> label and edit http://www.mapserver.org/development/bugs.html to have a
> more appropriate procedure.
> 
> It used to work with Trac if I remember well. Should we re-enable Trac
> tickets just for security related tickets ?
> 
> Even

-- 
Geospatial professional services
http://even.rouault.free.fr/services.html


More information about the mapserver-dev mailing list