You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Gavin (JIRA)" <ji...@apache.org> on 2015/10/26 20:48:27 UTC

[jira] [Assigned] (INFRA-10667) Change issues security flag / security policy for CouchDB issues

     [ https://issues.apache.org/jira/browse/INFRA-10667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gavin reassigned INFRA-10667:
-----------------------------

    Assignee: Gavin

> Change issues security flag / security policy for CouchDB issues
> ----------------------------------------------------------------
>
>                 Key: INFRA-10667
>                 URL: https://issues.apache.org/jira/browse/INFRA-10667
>             Project: Infrastructure
>          Issue Type: Task
>          Components: JIRA
>            Reporter: Alexander Shorin
>            Assignee: Gavin
>
> Hi Infra team,
> Previously, there was INFRA-9418 opened as a bug of JIRA behaviour for authenticated vs anonymous users. Now I played a bit with JIRA options and have understanding why this happened and how it could be fixed.
> Basically, issues have security flag which can be in three states:
> - None
> - public
> - non-public
> Default now is "public" which grants Group (users) ability to search for these issues and see reports about them. However, this group doesn't includes anonymous users and that why they don't see all the issues since the moment when JIRA settings were upgraded to make all the new issues to be the public.
> This also means that for newcomers we are the dead project now where no new issues or bugs get reported. That's not cool.
> If the goal was to completely hide those issues from anonymous users then it failed because they still can reach them by simple issue number iteration. 
> Consider all the above, current "public" security policy is broken for us.
> I see two ways to fix the problem and make CouchDB issues public for everyone:
> 1. Include anonymous users into Group (users);
> 2. Reset Issue security for public issues to None state and make it default for new ones;
> We also don't use "non-public" issues feature, preferring to discuss really non-public issues on security@ ML, so no harm will be done by any of these actions.
> If you know any other way to solve our problem better - please do whatever that will make our project really open as it was long time before those misfortune JIRA upgrade. We trust you here (:
> Thanks! (:



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)