[mapserver-dev] Motion: Updating the security reporting and workflow process
Michael Smith
michael.smith.erdc at gmail.com
Fri Feb 28 09:36:11 PST 2020
OSGeo has gitea in SAC. We can have a private mapserver repo there.
Mike
--
Michael Smith
OSGeo Foundation Treasurer
treasurer at osgeo.org
From: mapserver-dev <mapserver-dev-bounces at lists.osgeo.org> on behalf of Steve Lime <sdlime at gmail.com>
Date: Friday, February 28, 2020 at 12:16 PM
To: Even Rouault <even.rouault at spatialys.com>
Cc: MapServer Dev Mailing List <mapserver-dev at lists.osgeo.org>
Subject: Re: [mapserver-dev] Motion: Updating the security reporting and workflow process
The collaborator limit does kinda suck. We can't host private repos under the MapServer account. Github want projects to move to "teams" - $304/mo based on our current size. Gitlab would certainly work for a single purpose private repo.
On Fri, Feb 28, 2020 at 11:06 AM Even Rouault <even.rouault at spatialys.com> wrote:
On vendredi 28 février 2020 12:36:54 CET Jeff McKenna wrote:
> There is now a new alias that users can send an initial report to, that
> forwards to all PSC members: mapserver-security (at) osgeo (dot) org
>
> SteveL has also setup a private 'mapserver-private' repository on
> Github, to handle valid security reports, privately.
>
> So therefore:
>
> Motion: update documentation
> (https://mapserver.org/development/bugs.html) to list the steps to
> report a security concern, mentioning the first step of sending report
> to mapserver-security (at), and second step of a PSC member creating a
> ticket in the 'mapserver-private' repository.
As apparently there's a limit to the number of collaborators for a private
github repo, perhaps GitLab could be an option ?
Some doc at
https://docs.gitlab.com/ee/user/project/issues/confidential_issues.html
(I've not experience with that myself.)
Even
--
Spatialys - Geospatial professional services
http://www.spatialys.com
_______________________________________________
mapserver-dev mailing list
mapserver-dev at lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/mapserver-dev
_______________________________________________ mapserver-dev mailing list mapserver-dev at lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20200228/a7b0049c/attachment.html>
More information about the mapserver-dev
mailing list