airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From airflowuser <>
Subject Security issue being ignored?
Date Mon, 03 Sep 2018 07:20:05 GMT
I noticed you opened a disccusion about the neccesity of Gitter...
I think the main problem is that unlike other open source projects with Airflow no one is
monitoring the Jira. So people tend to report many stuff on the Gitter to get assistance.
Sometimes answers are given but no one answer on the open tickets.

Other projects hosted on GitHub or others always have someone reviewing new tickets and tag
them. On airflow any user tag any thing he wishes.. there are no priorities. There are open
tickets for version 1.7 which will probebly stay there forever.

Airflow doesn't have this function in the team... no one monitor the Jira and so there are
cases like this:
A report of security issue where no one see that. This could be nothing or it could be sirious
but I think the Jira should be more than just a place to paste you commit notices.
In other projects the comunnity handle security issues asap... no one wants his project to
be hacked.

May I suggest that the Jira is not very user-firendly... I think the GitHub issues section
(which is disabled in this project) is better for discussion and bug reports. This can be
used for questions as well and can also replace the Gitter.
I noticed that many people submit PR and only then there is a disccution about the implemntation
- the disscution should be done before... not eveyone are on mailing lists.. especialy new
developers - you are limiting access to the project with this approch. See how many open PR
are from 2017,2016...
It's easier for first time commiters to choose a ticket which it's taged as "easy fix" and
there was a disscution on it..

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message