develooper Front page | perl.perl5.porters | Postings from July 2019

Re: We plan to transition from RT to GitHub

Thread Previous | Thread Next
David Nicol
July 8, 2019 17:28
Re: We plan to transition from RT to GitHub
Message ID:
confidentiality is a premium service and (outside of security reports,
which TPF could reasonably offer a bounty for valid ones) people who need
confidentiality should be hiring contractors instead of complaining in

On Mon, Jul 8, 2019 at 11:06 AM Richard Leach <>

> On Fri, Jul 5, 2019 at 10:22 AM <> wrote:
> > - where will security issues go, how will they get there, from whom will
> > they be secure?
> Issues can't be marked as private. Many people seem to have asked or
> +1 this, but it's still not a thing.

> There is the model where you have a private repo for code and a
> separate public repo for issues. Don't know if that model could be
> flipped around to have a public code & issues repo, plus a separate
> private security issues repo, but not sure how reporting would work.
> Perhaps security bugs would still have to be reported by email, which
> gets turned into a private repo issue? But it's unclear then how much
> work it would be for the security team to move/copy a resolved
> security issue to the public queue. :-(

Well, the security team would fix it in secret, then post the bug and patch
as a formality? That still doesn't solve the problem of all the unpatched
versions though. Which isn't generally solved for any projects I'm aware of.

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About