Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public 
Now that this "security bug" is fixed, it might be a good time to remind 
readers of this list that there is a way to open security bugs in 
"private" mode. 

See 
http://dev.eclipse.org/mhonarc/lists/eclipse.org-committers/msg00511.html

There's a check-box on (many) components when opening the bug. If there's 
not one, you can ask the webmaster to enable it. This allows the issues to 
be documented, and tracked, and those involved (component owners and those 
added to the cc list) can read and discuss it, and eventually fix! Then, 
once fixed, the flag is flipped, and the information becomes public, for 
all to profit from. 

This has the obvious advantage of not announcing your security holes to 
the whole world, before they are fixed. 

Just trying to be helpful,

Back to the top