Date: Mon, 16 Sep 1996 22:41:54 +0800
From: Peter Wemm <peter@spinner.DIALix.COM>
To: Paul Traina <pst@jnx.com>
Cc: Wolfram Schneider <wosch@cs.tu-berlin.de>, freebsd-bugs@freebsd.org
Subject: Re: conf/1608: FreeBSD's bug tracking system does not respect confidential
Message-ID: <199609161441.WAA01398@spinner.DIALix.COM>
In-Reply-To: Your message of "Sat, 14 Sep 1996 14:14:47 MST." <199609142114.OAA03343@base.jnx.com>

Paul Traina wrote:
> Then you get a local copy without confidential bugs.
So, you're volunteering to set up a secure gnats system (the current one
is wide open), reconfigure cvsup/sup/ctm, read, respond to and otherwise
deal with all the bogus "Confidential: yes" reports, as well as the (rare)
genuinely sensitive ones?

IMHO, Confidential bug reports do not make sense in a project like this.
We are a wide-open, very loose organisation. Every person who has an
account on freefall has read access to the entire database. We have
enough trouble with getting people to pay attention to PR's as it is, let
alone having secret ones or making it selectively more difficult to deal
with them. We have 62 committers who are supposed to be able to work on
PR's, that's hardly a good position to be in if we're going to try and
"guard" the confidential reports.

Again, IMHO, we shouldn't even be implying that we offer confidential
reports. We do have a confidential security problem report address out of
necessity, but we're in no position to deal with (say) commercially
sensitive material, that's the stuff that lawsuits are made of. Still
IMHO, when we get "confidential" reports, we should return them without
filing them with a request to either submit it to
security-officer@freebsd.org if it's security related, or tell them that
we are a public operation and cannot deal with sensitive material and it
would be appreciated if they could redo the report taking care to remove
or otherwise mask anything "sensitive".

Anyway, that's my $0.02 worth.
> From: Wolfram Schneider <wosch@cs.tu-berlin.de>
> Subject: Re: conf/1608: FreeBSD's bug tracking system does not respect confidential
> Paul Traina writes:
> >The gnats database should not be going out via CTM, and as soon as we have
> >remote gnats installed, I suggest killing that distribution method.
>
> No. The Internet is slow, unstable and expensive. Modems are busy.
> I want a local copy of the gnats database on my computer.
>
> Wolfram
Cheers,
-Peter
