2017-11-28 0:44 GMT+01:00 Tobias Mueller <[email protected]>: > hey hey. > > We're exposing our bugzilla's git repository on http://bugzilla.gnome.or > g/.git/. It has some of our commits which I don't think are > problematic, but may become so in the future.
The repository is public [1] already but I'm aware many security tools report this as a problem so I went ahead and excluded the folder from ever being accessible. [2] > Additionally, there is https://bugzilla.gnome.org//server-status/. > Again, I don't think it's inherently a bad thing, but we might dislike > showing off our version numbers in the future. Or the IP addresses of > our clients... Done too. [2] > While we're at it, can we have TLS 1.2 for smtp.gnome.org? The host that runs smtp.gnome.org requires upgrade to RHEL 7 for this to happen. Surely a good thing to work on after my focus has gone off from the cgit->Gitlab migration. Mind reminding that to me once that has happened? Thanks for your reports Tobi! [1] https://git.gnome.org/browse/bugzilla-gnome-org-upstream [2] https://infrastructure.gnome.org/browse/puppet/commit/?id=f13beb13ba96366f08ba5f86d766a8ed64c54ca7 -- Cheers, Andrea Red Hatter, Fedora / EPEL packager, GNOME Infrastructure Team Coordinator, Former GNOME Foundation Board of Directors Secretary, GNOME Foundation Membership & Elections Committee Chairman Homepage: http://www.gnome.org/~av _______________________________________________ gnome-infrastructure mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-infrastructure
