From owner-freebsd-bugs  Fri Sep 13 16:39:58 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA26640
          for bugs-outgoing; Fri, 13 Sep 1996 16:39:58 -0700 (PDT)
Received: from red.jnx.com ([208.197.169.254])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA26632
          for <freebsd-bugs@freebsd.org>; Fri, 13 Sep 1996 16:39:56 -0700 (PDT)
Received: from base.jnx.com (base.jnx.com [208.197.169.238]) by red.jnx.com (8.7.5/8.7.3) with ESMTP id QAA08821; Fri, 13 Sep 1996 16:39:25 -0700 (PDT)
Received: (from pst@localhost) by base.jnx.com (8.7.5/8.7.3) id QAA01913; Fri, 13 Sep 1996 16:39:24 -0700 (PDT)
To: Peter Wemm <peter@spinner.DIALix.COM>
cc: freebsd-bugs@freebsd.org
Subject: Re: conf/1608: FreeBSD's bug tracking system does not respect   confidential
References: <199609132220.PAA22198@freefall.freebsd.org>
From: Paul Traina <pst@jnx.com>
Date: 13 Sep 1996 16:39:24 -0700
In-Reply-To: peter@spinner.DIALix.COM's message of 13 Sep 96 22:20:02 GMT
Message-ID: <7yrao6f0ib.fsf@base.jnx.com>
Lines: 20
X-Mailer: Gnus v5.2.25/XEmacs 19.14
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

peter@spinner.DIALix.COM (Peter Wemm) writes:
>  Well, since the summaries of outstanding PR's are also sent to the list, 
>  we don't have much use for the 'confidential' header.  What are we 
>  supposed to do? Look at the PR numbers when they arrive from the mailing 
>  list and notice that one of them was skipped, and go and see what happened 
>  to it?

Confidential reports should be sent to a small list (read administrator).  The
summary reports that we generate are supposed to restrict the confidential tag
(I sure as hell know I put that in the code), as does the WWW interface.

>  IMHO, unless we find somebody to filter them by hand, we should delete the 
>  confidential: header from the skeleton entirely and make the incoming 
>  filter refuse them, giving instructions on the correct place to send 
>  security problems and contact addresses for keepers of major parts of the 
>  system if it's really essential that it not go out on the mailing lists.  
>  Remember, the gnats database is also going out via ctm to the public.

The gnats database should not be going out via CTM, and as soon as we have
remote gnats installed, I suggest killing that distribution method.