[Gt-eos] how to handle security issues
Frank Scheiner
scheiner at hlrs.de
Tue May 21 15:52:58 CEST 2019
Hi Mischa,
On 5/19/19 13:34, Mischa Salle via Gt-eos wrote:
> Hi all,
>
> we don't currently have a secure channel for discussing vulnerabilities,
> neither a bugtracker, nor even a secure email address.
> What are your thoughts on this?
> EGI is providing us kindly with the announce email address as you know:
> announcement at gridcf.org so the question is whether we should ask them
> also for a security at gridcf.org list, which unlike this list (gt-eos)
> should not be publicly archived...
Agreed. If EGI can arrange that, we would be covered.
> A private bugtracker might be a useful tool too. Not sure how we should
> arrange that though?
E.g. GitLab allows for confidential issues ([1]), but creating a
confidential issue still requires to check a box and maybe also to
choose a generic issue title. Not to speak of a GitLab account.
[1]: https://docs.gitlab.com/ee/user/project/issues/confidential_issues.html
Using an email address with private archive would be simpler to use and
reporters can easily interact with the "issue" by just replying to an
email and we need to communicate with them anyhow.
Cheers,
Frank
--
Frank Scheiner
High Performance Computing Center Stuttgart (HLRS)
Department Project User Management & Accounting
Email: scheiner at hlrs.de
Phone: +49 711 685 68039
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2293 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.egi.eu/pipermail/discuss/attachments/20190521/d8b3e1ae/attachment.p7s>
More information about the discuss
mailing list