Exposed .git and server-status bugzilla.gnome.org

From: Tobias Mueller <muelli cryptobitch de>
To: GNOME Infrastructure <gnome-infrastructure gnome org>
Cc: Andre Klapper <ak-47 gmx net>, security gnome org
Subject: Exposed .git and server-status bugzilla.gnome.org
Date: Tue, 28 Nov 2017 00:44:12 +0100

hey hey.

We're exposing our bugzilla's git repository on http://bugzilla.gnome.or
g/.git/.  It has some of our commits which I don't think are
problematic, but may become so in the future.

Additionally, there is https://bugzilla.gnome.org//server-status/.
Again, I don't think it's inherently a bad thing, but we might dislike
showing off our version numbers in the future. Or the IP addresses of
our clients...

While we're at it, can we have TLS 1.2 for smtp.gnome.org?

Cheers,
  Tobi

Follow-Ups:
- Re: Exposed .git and server-status bugzilla.gnome.org
  - From: Andrea Veri

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]