[SAC] system security team on Gogs
Sandro Santilli
strk at kbt.io
Thu Jun 30 02:36:35 PDT 2016
I've created a "security-team" under the "SAC" organization of Gogs:
https://git.osgeo.org/gogs/org/sac/teams/security-team
And assigned it the "system-security" repository:
https://git.osgeo.org/gogs/sac/system-security
Members of the team have read/write access to all components of
the repository: issues, git repo, wiki.
For the moment I've drafted a wiki page listing possible attack
vectors for the newly added password-reset procedure:
https://git.osgeo.org/gogs/sac/system-security/wiki/Procedure%3AWebPasswordReset
Issues to resolve security issues (those in the wiki or others)
could be also filed as tickets in there.
Please let me know if you want to be made part of the team.
I know for sure we badly need security reviewers for the many
services currently offered by OSGeo.
NOTE: you'll get a 404 on each and every of the above URL *unless*
you are already part of the team.
--strk;
More information about the Sac
mailing list