[mapserver-dev] Motion: Updating the security reporting and workflow process

Even Rouault even.rouault at spatialys.com
Fri Feb 28 09:06:46 PST 2020


On vendredi 28 février 2020 12:36:54 CET Jeff McKenna wrote:
> There is now a new alias that users can send an initial report to, that
> forwards to all PSC members: mapserver-security (at) osgeo (dot) org
> 
> SteveL has also setup a private 'mapserver-private' repository on
> Github, to handle valid security reports, privately.
> 
> So therefore:
> 
> Motion: update documentation
> (https://mapserver.org/development/bugs.html) to list the steps to
> report a security concern, mentioning the first step of sending report
> to mapserver-security (at), and second step of a PSC member creating a
> ticket in the 'mapserver-private' repository.

As apparently there's a limit to the number of collaborators for a private 
github repo, perhaps GitLab could be an option ?
Some doc at
https://docs.gitlab.com/ee/user/project/issues/confidential_issues.html
(I've not experience with that myself.)

Even

-- 
Spatialys - Geospatial professional services
http://www.spatialys.com


More information about the mapserver-dev mailing list