Bug 573743 - The Eclipse Security Mailing list is publicly accessible!
Summary: The Eclipse Security Mailing list is publicly accessible!
Status: RESOLVED FIXED
Alias: None
Product: Community
Classification: Eclipse Foundation
Component: Vulnerability Reports
Version: unspecified
Hardware: All All
Importance: P1 critical
Target Milestone: ---
Assignee: Eclipse Webmaster CLA
QA Contact:
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2021-05-25 04:16 EDT by Peter Stöckli CLA
Modified: 2021-05-25 11:27 EDT

Description Peter Stöckli CLA 2021-05-25 04:16:17 EDT
Hello Eclipse Security Team

I just stumbled upon the following Mailing List archive via Google:

https://www.eclipse.org/lists/security/threads.html

=> As you can see this means the (private) Eclipse Security Mailing
list is publicly accessible!

Firstly, you should make the list archive private again.
Secondly and more importantly, this means that all vulnerability
reports discussed on this list are publicly accessible and should be
considered as publicly known.


This message was also sent to security@eclipse.org, but has not yet shown up in the Archive.
Comment 1 Wayne Beaton CLA 2021-05-25 11:25:36 EDT
I swear that we set this up without an archive at all.

Webmaster, please remove the archive of this mailing list.
Comment 2 Eclipse Webmaster CLA 2021-05-25 11:27:53 EDT
The archive has been removed.

Good catch.

-M.