[mapserver-dev] Motion: Updating the security reporting and workflow process
Steve Lime
sdlime at gmail.com
Fri Feb 28 09:16:12 PST 2020
The collaborator limit does kinda suck. We can't host private repos under
the MapServer account. Github want projects to move to "teams" - $304/mo
based on our current size. Gitlab would certainly work for a single purpose
private repo.
On Fri, Feb 28, 2020 at 11:06 AM Even Rouault <even.rouault at spatialys.com>
wrote:
> On vendredi 28 février 2020 12:36:54 CET Jeff McKenna wrote:
> > There is now a new alias that users can send an initial report to, that
> > forwards to all PSC members: mapserver-security (at) osgeo (dot) org
> >
> > SteveL has also setup a private 'mapserver-private' repository on
> > Github, to handle valid security reports, privately.
> >
> > So therefore:
> >
> > Motion: update documentation
> > (https://mapserver.org/development/bugs.html) to list the steps to
> > report a security concern, mentioning the first step of sending report
> > to mapserver-security (at), and second step of a PSC member creating a
> > ticket in the 'mapserver-private' repository.
>
> As apparently there's a limit to the number of collaborators for a private
> github repo, perhaps GitLab could be an option ?
> Some doc at
> https://docs.gitlab.com/ee/user/project/issues/confidential_issues.html
> (I've not experience with that myself.)
>
> Even
>
> --
> Spatialys - Geospatial professional services
> http://www.spatialys.com
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20200228/d7f08477/attachment.html>
More information about the mapserver-dev
mailing list