* Betr.: " Re: [tryton] Re: New mailling lists for dev and security" (Thu, 21 Jan 2010 17:15:13 +0100):
> On 17/11/09 11:47 +0100, Mathias Behrle wrote: > > * Betr.: " [tryton] Re: New mailling lists for dev and security" (Mon, 16 > > Nov 2009 23:41:38 +0100): > > > > > We can not accept everybody on this mailing list because this mailing > > > list is for security developers that will fix reported issues and the > > > major difficulty is that the information must be kept secret until fix > > > exist and is applied on all series. So we must keep the number of people > > > aware as tiny as possible. > > > > So we need to have a possibility for users to put issues on the tracker, > > that are hidden to the public (and perhaps forwarded to tryton-security). I > > think, this should be done on issues with type security. > > > > BTW: https://bugs.tryton.org/roundup/issue1295 is not of type security for > > me. > > > > > > And we need indeed better descriptions of the related purposes, as well on > > the website as on the groups. > > > > > I have tried an update of schema.py of roundup to have this feature. > > So this works like this: > > Issue of type 'security' can only be viewed/edited: > > - by creator > - by nosy list > - by assigned to > - by user that has the "Security" role > > When the issue reaches on of the states 'resolved', 'closed' or 'invalid', > everybody can view it. > > It is the same for message and file. > > > Does this behavior ok? If so I will applied it to the current roundup. Much better than security list! -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://mbsolutions.selfip.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x89BCA161
signature.asc
Description: PGP signature
