[#366] commits mailing list archive should be list-members only for private FusionForge projects

Description

Summary:

Detailed description

A xyz-commits mailman maili-commits mailing list is automatically created for new projects.

For new private projects the mailman archive settings should be "list-members only", otherwise sensitive project information (source code) could leak.

General Information
Submitted by:
Marcel Baur
Date Submitted: 2012-03-14 03:36
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Permalink: https://fusionforge.org/tracker/a_follow.php/366
Actions
Internal Fields
Data Type: Feature requests
Assigned to: Nobody (None)
State: Open
Priority: 3
Extra Fields
Resolution:
none
Difficulty:
none
Target release:
none
Follow-up tabs
Message  ↓
Date: 2012-08-16 07:42
Sender: Franck Villaume

/src/cronjobs/mail/mailing_lists_create.php, line 90 has // Hack to Disable auto-public of listname. $is_commits_list = false; Which means, there is some dead code here.

Date: 2012-07-26 12:02
Sender: Marcel Baur

/src/cronjobs/mail/mailing_lists_create.php, line 108 has: if ($is_commits_list || $public) { // Make the *-commits list public $err .= "Making ".$listname." public: ".$publicize_cmd."\n"; passthru($publicize_cmd, $publicizeFailed); } else { // Privatize the new list $err .= "Privatizing ".$listname.": ".$privatize_cmd."\n"; passthru($privatize_cmd, $privatizeFailed); } Instead of making -commits mailing lists always public, anonymous RBAC permissions should be honoured. For projects disallowing anonymous users, the -commits list should be private and visible to ilst members only.

No attached documents

No related commits.

No Changes Have Been Made to This Item

No relations found.