9037 – testing secteam bz secteam group (Make description private (visible only to members of the secteam group))

Bug 9037 - testing secteam bz secteam group (Make description private (visible only to members of the secteam group))

Summary: testing secteam bz secteam group (Make description private (visible only to m...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-02-11 11:33 CET by Oden Eriksson
Modified:	2013-02-12 19:19 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Oden Eriksson 2013-02-11 11:33:29 CET

testing secteam bz secteam group (Make description private (visible only to members of the secteam group))

This comment is public.

The next one should be private and can only be viewed by members of the bz secteam group (me and luigiwalser@yahoo.com).

Oden Eriksson 2013-02-11 11:34:02 CET

CC: (none) => luigiwalser

Comment 2 Oden Eriksson 2013-02-11 13:41:50 CET

This is comment 2, but I cannot see comment 1 here. Weird.

Oden Eriksson 2013-02-11 13:43:39 CET

CC: (none) => dmorganec

Comment 3 Oden Eriksson 2013-02-11 13:44:19 CET

Oh, once dmorganec@gmail.com  was added in cc I can see comment 1

Oden Eriksson 2013-02-11 13:44:48 CET

CC: dmorganec => (none)

Oden Eriksson 2013-02-11 13:45:06 CET

CC: (none) => dmorganec

Oden Eriksson 2013-02-11 13:45:34 CET

CC: (none) => oe

Comment 4 D Morgan 2013-02-11 13:46:03 CET

not related :) i am looking why config is wrong

Comment 5 David Walser 2013-02-11 13:47:14 CET

Yes, I still don't see Comment 1.

Comment 6 D Morgan 2013-02-11 13:47:23 CET

puppet empty the insidergroup entry, this is why you can't see comment 1   => WIP

Comment 7 D Morgan 2013-02-11 13:50:26 CET

is it OK now ?

Comment 10 Oden Eriksson 2013-02-11 14:01:33 CET

The thing is certain embargoed security info cannot be public.

PoCs or harmful code should not be public either. It's illegal in many countries to spread such code.

This "Make comment private (visible only to members of the secteam group)" will help a bit, but is not perfect as mail could be transferred unencrypted over insecure links (eavesdropping). SSL and DNS in itself is flawed. This bugzilla installation in itself could be hacked. People with physical access to this server could leak info, etc. etc.

D Morgan 2013-02-12 19:19:47 CET

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.