openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcus <marcus.m...@wtnet.de>
Subject Re: Access denied on bugzilla ...
Date Fri, 16 Sep 2016 16:51:46 GMT
Dennis, please have a look into the history of the issue [1]. Here you 
can see that *Pedro has not* set the assignee. The reason is the BZ 
setting of the "security" component he has chosen at issue creation. So, 
it's not wrong that the issue was send to the security team.

We should think about not rooting these kind of issues to the security team.

[1] https://bz.apache.org/ooo/show_activity.cgi?id=127117

Marcus



Am 09/16/2016 06:43 PM, schrieb Dennis E. Hamilton:
> Pedro,
>
> When you assign an issue to security@openoffice.apache.org, it becomes invisible to all
but the security team.
>
> Since this is not about a vulnerability, I will change the issue to the default assignment.
>
> Please do not assign issues to others.  If you want to assign it to yourself, that is
fine.  Otherwise use the default assignment.
>
> If you are ever dealing with an exploitable vulnerability, do not use bugzilla.  Communicate
with the security@ mailing list directly.
>
>   - Dennis
>
>
>> -----Original Message-----
>> From: Pedro Giffuni [mailto:pfg@apache.org]
>> Sent: Friday, September 16, 2016 08:41
>> To: OOo Apache<dev@openoffice.apache.org>
>> Subject: Access denied on bugzilla ...
>>
>> FWIW ...
>> I just tried to access BZ 127117, which I created in the first place,
>> and now I got
>> "You are not authorized to access issue #127117."
>> It is only a very minor update to openssl, and I wanted to submit the
>> patch to do it.(AOO bugzilla and I have never been in a good
>> relationship).
>> While here I shall explain the intent of the two recent requests: it is
>> clear that we won't release soon updated, and hopefully secure, versions
>> of some very basic support libraries/utilities. At least doing some
>> minor low-hanging-fruit updates should save some pain to our users and
>> some embarrassment to the project. The changes are very conservative and
>> have been tested for a while in trunk but are superseded by the versions
>> in trunk.
>> I will let the RM and the security team determine if they are worth it.
>> Regards,
>> Pedro.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message