Apache OpenOffice (AOO) Bugzilla – Issue 40
http://www.openoffice.org/www-feedback/ is viewable to the public
Last modified: 2007-09-24 00:16:15 UTC
This shouldn't be viewable to the public: http://www.openoffice.org/www-feedback/ I fixed this in the past, but it seems to be have been reverted. The fixed for this should be rolled back into sourceCAST IIRC, jrobbins said the normal fix was to just change the perms so the webserver couldn't read them. IMHO, it should be viewable to certain approved ppl, but I don't think that ability exists today in Tigris.
fixed this with: chmod -R o-rwx www-feedback note that JR fixed this through a gated link to 'feedback' and rewrite rules that force you to do a tigris login prior to access of those pages. The fact that this got re-broken again because we've changed the rewrite rules on this site in setting up the caching proxy server. Yet again, this is another vote for NOT doing gating through rewrite rules and TSecureView or SecureNoodle. Rewrite rules are too easy to break, nondeterministic in scope and effect, etc. Not a good way to do security, IMHO. Note my "workaround" will break the feedback page linked through TSecureView. It simply will not be browsable via web archived mail lists.
This should be addressed at a sourceCAST level, as most (if not all) of our sourceCAST instantiations are going to have a feedback list, and are going to need to be browseable by those who are authorized to view them. Where do we move issues which need to be tracked for sourceCAST?
put the issue on PCN. feel free to report there, with link to this. i actually think this is part of a larger architectural issue which is how we do our "gating" for "gated communities" in opensource land.
Stefan, Do we still use this link .
No, the link is dead an no longer used. The generic requirement is to have a unmoderated list with a private archive.
Stefan , We already have a facility to make a particular mailing list to be private . i.e Private : Limits access to the list and its archives to project members. Resolving this issue as the requested feature already exist in the product . Feel free to reopen if necessary.
to old, I close this issue Raphael