[SAC] Trac and Private tickets

Alan Boudreault aboudreault at mapgears.com
Tue Jan 4 11:26:18 EST 2011


Hi Sac members,

I installed a Trac plugin to handle this privacy issue. The plugin is called 
"securetickets" and can be found on http://trac-hacks.org. The initial 
behavior of the plugin was to set all tickets private, then let the user 
define which components are public. I modified this to fit OSGeo needs. 
Since everything is public by default, we'll manually set the private 
components and everything else will be public. Here's how to use the plugin:

1- Enable the plugin in trac.ini:
[components]
securetickets.* = enabled

2- Modify the permission_policies in trac.ini:
permission_policies = SecureTicketsPolicy, DefaultPermissionPolicy, ...

3- Define private components in trac.ini:
[securetickets]
private_components = Vulnerabilities, Component2, ...

To allow a user or a group to view the private tickets, you'll have to give 
him the SECURE_TICKET_VIEW permission.

regards,
Alan

On September 2, 2010 10:31:32 am Frank Warmerdam wrote:
> Alan Boudreault wrote:
> > Hi,
> > 
> > During a few security tickets we worked on (MapServer), we created the
> > tickets to keep a trace of the different issues and patches. We have
> > been asked if it would be possible to create private tickets rather than
> > public. The reason is simple: since they are security issues, it would
> > be better to only reveal them once all the patches are done and the
> > release is ready.
> > 
> > I'm aware of a few "private plugins" for Trac and I could take a look at
> > them and install one for our MapServer Trac. Unfortunately, since the
> > migration of the servers, I think my SAC account hasn't been created.
> 
> Alan,
> 
> I observe that you are in the "sac" group:
> 
>    https://www.osgeo.org/cgi-bin/auth/ldap_shell.py?group=sac
> 
> and so should be able to login to the Trac machine.  You might need someone
> to add sudo permissions.  I'd suggest Chris or Howard do that since they
> seem to be primarily responsible for the services on this VM and should
> effectively ok the request.
> 
> I have also, from time to time, had a need for handling security related
> issues and wished there was a way of restricting access to the
> corresponding tickets for a while.
> 
> Best regards,

-- 
Alan Boudreault
Mapgears
http://www.mapgears.com

