Issue 40 - http://www.openoffice.org/www-feedback/ is viewable to the public
Summary: http://www.openoffice.org/www-feedback/ is viewable to the public
Status: CLOSED FIXED
Alias: None
Product: Infrastructure
Classification: Infrastructure
Component: Mailing lists (show other issues)
Version: current
Hardware: PC Linux, all
: P3 Trivial (vote)
Target Milestone: ---
Assignee: Unknown
QA Contact: issues@www
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2000-10-23 23:36 UTC by Unknown
Modified: 2007-09-24 00:16 UTC (History)
1 user (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Unknown 2000-10-23 23:36:02 UTC 
This shouldn't be viewable to the public:
http://www.openoffice.org/www-feedback/

I fixed this in the past, but it seems to be have been reverted.

The fixed for this should be rolled back into sourceCAST 

IIRC, jrobbins said the normal fix was to just change the perms so
the webserver couldn't read them.  

IMHO, it should be viewable to certain approved ppl, but I don't think that
ability exists today in Tigris.
Comment 1 Unknown 2000-10-24 00:07:47 UTC 
fixed this with:
	chmod -R o-rwx www-feedback

note that JR fixed this through a gated link to 'feedback' and rewrite
rules that force you to do a tigris login prior to access of those pages.

The fact that this got re-broken again because we've changed 
the rewrite rules on this site in setting up the caching proxy server.

Yet again, this is another vote for 
NOT doing gating through rewrite rules and TSecureView or SecureNoodle.
Rewrite rules are too easy to break, nondeterministic in scope and 
effect, etc. Not a good way to do security, IMHO.

Note my "workaround" will break the feedback page linked through
TSecureView. It simply will not be browsable via web archived mail lists.
Comment 2 Unknown 2000-10-24 00:19:39 UTC 
This should be addressed at a sourceCAST level, as most (if not all) of our 
 sourceCAST instantiations are going to have a feedback list, and are
going to need to be browseable by those who are authorized to view them.

Where do we move issues which need to be tracked for sourceCAST?
Comment 3 Unknown 2000-10-24 00:47:37 UTC 
put the issue on PCN. feel free to report there, with link to this.

i actually think this is part of a larger architectural issue which is 
how we do our "gating" for "gated communities" in opensource land.
Comment 4 Unknown 2007-03-08 14:02:57 UTC 
Stefan, 

Do we still use this link .
Comment 5 stx123 2007-03-09 07:00:47 UTC 
No, the link is dead an no longer used.
The generic requirement is to have a unmoderated list with a private archive.
Comment 6 Unknown 2007-04-20 07:31:43 UTC 
Stefan , 

   We already have a facility to make a particular mailing list to be private .

i.e Private : Limits access to the list and its archives to project members.

Resolving this issue as the requested feature already exist in the product .
Feel free to reopen if necessary.
Comment 7 Raphael Bircher 2007-09-24 00:16:15 UTC 
to old, I close this issue

Raphael