You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by Kathey Marsden <km...@sbcglobal.net> on 2006/07/26 23:50:36 UTC
derby-dev Jira account and patch list notification
I created a derby-dev JIRA account so we can get weekly patch list
notification. But there are few outstanding issues.
1) derby-dev needs JIRA developer access so it can subscribe to the
patch report
2) jira@apache.org needs to subscribe to the derby-dev developer list
so the patch reports don't get moderated.
3) We need to decide what to do about the password. On IRC andersmo
mentioned really anyone can have it sent to the list by pressing the
send me my password button. Perhaps we can find out how Forrest handles it.
Kathey
Re: derby-dev Jira account and patch list notification
Posted by Andrew McIntyre <mc...@gmail.com>.
On 7/28/06, Kathey Marsden <km...@sbcglobal.net> wrote:
>
> I went to go and log in with the original password we used for derby-dev
> and cannot log into Jira with that. Has it been changed?
No, but we found the solution to the security issue. If you remove a
user from the jira-users group, they can't log in. So even if someone
reset the password, they couldn't actually log in and do anything with
it.
> That would
> be good for me as I don't like being one of a small group with the
> password. Seems like it should be admin or everybody. Can you please
> subscribe derby-dev to the filter "Derby: JIRA issues with patch
> available"? to be posted once a week.
done.
andrew
Re: derby-dev Jira account and patch list notification
Posted by Kathey Marsden <km...@sbcglobal.net>.
Andrew McIntyre wrote:
>
> After checking with some folks from Forrest, there doesn't seem to be
> a way around this, but then, they've never had a problem with it
> either. I'll follow up with infra, though, and see if there's a
> solution.
>
I went to go and log in with the original password we used for derby-dev
and cannot log into Jira with that. Has it been changed? That would
be good for me as I don't like being one of a small group with the
password. Seems like it should be admin or everybody. Can you please
subscribe derby-dev to the filter "Derby: JIRA issues with patch
available"? to be posted once a week.
Thanks
Kathey
Re: derby-dev Jira account and patch list notification
Posted by Andrew McIntyre <mc...@gmail.com>.
On 7/26/06, Kathey Marsden <km...@sbcglobal.net> wrote:
> I created a derby-dev JIRA account so we can get weekly patch list
> notification. But there are few outstanding issues.
>
> 1) derby-dev needs JIRA developer access so it can subscribe to the
> patch report
done.
> 2) jira@apache.org needs to subscribe to the derby-dev developer list
> so the patch reports don't get moderated.
I can take care of this when the first mail from the filter
subscription gets sent to the list.
> 3) We need to decide what to do about the password. On IRC andersmo
> mentioned really anyone can have it sent to the list by pressing the
> send me my password button. Perhaps we can find out how Forrest handles it.
After checking with some folks from Forrest, there doesn't seem to be
a way around this, but then, they've never had a problem with it
either. I'll follow up with infra, though, and see if there's a
solution.
andrew
Re: derby-dev Jira account and patch list notification
Posted by "Jean T. Anderson" <jt...@bristowhill.com>.
Kathey Marsden wrote:
...
> 3) We need to decide what to do about the password. On IRC andersmo
> mentioned really anyone can have it sent to the list by pressing the
> send me my password button. Perhaps we can find out how Forrest handles
> it.
I found a post in the forrest archives [1] that mentions the security issue:
> I tried that first, but it opens up that account for some light hacking:
> one can request a password change and the new password is then mailed to
> the list. So I opted for the no-role-account policy.
I didn't find a followup post to the public list.
-jean
[1]
http://mail-archives.apache.org/mod_mbox/forrest-dev/200211.mbox/%3c3DD8BC5D.8040001@outerthought.org%3e