airflow-dev mailing list archives

From Bolke de Bruin <>
Subject Re: Security issue being ignored?
Date Thu, 06 Sep 2018 11:34:01 GMT
Both are not security vulnerabilities: either it is in an upstream project or it is due to
the way Airflow can be used. PR is welcome for the second JIRA.


Sent from my iPad

> On 6 Sep 2018, at 11:07, airflowuser <> wrote:
> Another example:
> Sent with ProtonMail Secure Email.
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On September 3, 2018 10:20 AM, airflowuser <> wrote:
>> Hi,
>> I noticed you opened a discussion about the necessity of Gitter...
>> I think the main problem is that unlike other open source projects with Airflow no one is monitoring the Jira. So people tend to report many stuff on the Gitter to get assistance. Sometimes answers are given but no one answers on the open tickets.
>> Other projects hosted on GitHub or others always have someone reviewing new tickets and tagging them. On Airflow any user tags anything he wishes... there are no priorities. There are open tickets for version 1.7 which will probably stay there forever.
>> Airflow doesn't have this function in the team... no one monitors the Jira and so there are cases like this:
>> [](
>> A report of a security issue where no one sees that. This could be nothing or it could be serious but I think the Jira should be more than just a place to paste your commit notices.
>> In other projects the community handles security issues asap... no one wants his project to be hacked.
>> May I suggest that the Jira is not very user-friendly... I think the GitHub issues section (which is disabled in this project) is better for discussion and bug reports. This can be used for questions as well and can also replace the Gitter.
>> I noticed that many people submit a PR and only then is there a discussion about the implementation - the discussion should be done before... not everyone is on mailing lists... especially new developers - you are limiting access to the project with this approach. See how many open PRs are from 2017, 2016...
>> It's easier for first-time committers to choose a ticket which is tagged as "easy fix" and there was a discussion on it..
>> Thanks,
