On 21/01/10 17:15 +0100, Cédric Krier wrote: > On 17/11/09 11:47 +0100, Mathias Behrle wrote: > > * Betr.: " [tryton] Re: New mailling lists for dev and security" (Mon, 16 > > Nov > > 2009 23:41:38 +0100): > > > > > We can not accept everybody on this mailing list because this mailing > > > list is > > > for security developers that will fix reported issues and the major > > > difficulty > > > is that the information must be kept secret until fix exist and is > > > applied on > > > all series. So we must keep the number of people aware as tiny as > > > possible. > > > > So we need to have a possibility for users to put issues on the tracker, > > that > > are hidden to the public (and perhaps forwarded to tryton-security). I > > think, > > this should be done on issues with type security. > > > > BTW: https://bugs.tryton.org/roundup/issue1295 is not of type security for > > me. > > > > > > And we need indeed better descriptions of the related purposes, as well on > > the > > website as on the groups. > > > > > I have tried an update of schema.py of roundup to have this feature. > > So this works like this: > > Issue of type 'security' can only be viewed/edited: > > - by creator > - by nosy list > - by assigned to > - by user that has the "Security" role > > When the issue reaches on of the states 'resolved', 'closed' or 'invalid', > everybody can view it. > > It is the same for message and file. > > > Does this behavior ok? If so I will applied it to the current roundup. >
It is applied on roundup. Please, report any issue with this new configuration. -- Cédric Krier B2CK SPRL Rue de Rotterdam, 4 4000 Liège Belgium Tel: +32 472 54 46 59 Email: cedric.kr...@b2ck.com Jabber: cedric.kr...@b2ck.com Website: http://www.b2ck.com/ twitter: http://twitter.com/cedrickrier identi.ca: http://identi.ca/cedrickrier
pgpSSg3kdbc8u.pgp
Description: PGP signature