I think I found good way to resolve any security issues here. We will use attachments only from approved users list (contributors).
Objections? -- Artem -- On Thu, May 21, 2015 at 1:13 PM, Branko Čibej <br...@apache.org> wrote: > On 21.05.2015 12:00, Dmitriy Setrakyan wrote: > > On Thu, May 21, 2015 at 2:48 AM, Branko Čibej <br...@apache.org> wrote: > > > >> On 21.05.2015 11:35, Dmitriy Setrakyan wrote: > >>> Are we saying that non-contributors can attach patches? > >> > >> Slow down. Anyone who sends a patch is, by definition, a contributor. > >> Whether or not you decide to use the patch is a different matter. You > >> don't want to invent any extremely paranoid access control; that's > >> contrary to the whole point of open source. > >> > > Brane, as far as I know, in order for someone to start working on a > ticket > > we need to add him/her to the list of "contributors" in Jira. Otherwise > the > > ticket cannot even be assigned to that person. I thought that only the > > people on the Jira "contributor" list can attach patches. Is this not so? > > If not, can we configure Jira to work in that way? > > I don't know how ASF Jira is set up, but surely people can create new > tickets and attach patches to them? > > -- Brane > >
