[#366] commits mailing list archive should be list-members only for private FusionForge projects



Detailed description

A xyz-commits mailman maili-commits mailing list is automatically created for new projects.

For new private projects the mailman archive settings should be "list-members only", otherwise sensitive project information (source code) could leak.

General Information
Submitted by:
Marcel Baur
Date Submitted: 2012-03-14 03:36
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Permalink: https://fusionforge.org/tracker/a_follow.php/366
Internal Fields
Data Type: Feature requests
Assigned to: Nobody (None)
State: Open
Priority: 1
Extra Fields
Target release:
Follow-up tabs
Message  ↓
Date: 2012-08-16 07:42
Sender: Franck Villaume

/src/cronjobs/mail/mailinglistscreate.php, line 90 has

// Hack to Disable auto-public of listname.
$is_commits_list = false;

Which means, there is some dead code here.

Date: 2012-07-26 12:02
Sender: Marcel Baur

/src/cronjobs/mail/mailinglistscreate.php, line 108 has:

                   if ($is_commits_list || $public) {
                            // Make the *-commits list public
                            $err .= "Making ".$listname." public: ".$publicize_cmd."\n";
                            passthru($publicize_cmd, $publicizeFailed);
                    } else {
                            // Privatize the new list
                            $err .= "Privatizing ".$listname.": ".$privatize_cmd."\n";
                            passthru($privatize_cmd, $privatizeFailed);

Instead of making -commits mailing lists always public, anonymous RBAC permissions should be honoured. For projects disallowing anonymous users, the -commits list should be private and visible to ilst members only.

No attached documents

No related commits.

Field Old Value Date By
priority32018-04-22 08:59
Franck Villaume

No relations found.