[mapserver-dev] "Security/Vulnerability (Private)" tickets are not private
Even Rouault
even.rouault at mines-paris.org
Tue Nov 12 11:55:52 PST 2013
Anyone to comment on this ? This wasn't just a purely theoretical question. I
have actually something to report.
> Hi,
>
> The label "Security/Vulnerability (Private)" in github doesn't result in
> tickets that are only visible by the reporter or the security team. The
> tickets just seem to be world visible. See the following dummy ticket :
> https://github.com/mapserver/mapserver/issues/4806
>
> I'm not sure if it can be solved. If not, we should probably remove that
> label and edit http://www.mapserver.org/development/bugs.html to have a
> more appropriate procedure.
>
> It used to work with Trac if I remember well. Should we re-enable Trac
> tickets just for security related tickets ?
>
> Even
--
Geospatial professional services
http://even.rouault.free.fr/services.html
More information about the mapserver-dev
mailing list