[DRE-maint] Possible security flaw in gitlab: world readable gitlab_shell_secret file
Christian Hofstaedtler
zeha at debian.org
Mon Mar 28 23:47:38 UTC 2016
* Julian Gilbey <jdg at debian.org> [160327 20:04]:
> I'm reporting this directly rather than via the BTS as it may be a
> security hole.
Great idea, but sending to <packagename>@packages.debian.org is
likely to expose your report to the world (like in this case);
many packages use public mailing lists as their maintainer email,
and who knows who/what else is subscribed to the packages.d.o
address.
--
,''`. Christian Hofstaedtler <zeha at debian.org>
: :' : Debian Developer
`. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03
`-
More information about the Pkg-ruby-extras-maintainers
mailing list