Re: Exposed .git and server-status

2017-11-28 0:44 GMT+01:00 Tobias Mueller <muelli cryptobitch de>:
hey hey.

We're exposing our bugzilla's git repository on http://bugzilla.gnome.or
g/.git/.  It has some of our commits which I don't think are
problematic, but may become so in the future.

The repository is public [1] already but I'm aware many security tools
report this as a problem so I went ahead and excluded the folder from
ever being accessible. [2]

Additionally, there is
Again, I don't think it's inherently a bad thing, but we might dislike
showing off our version numbers in the future. Or the IP addresses of
our clients...

Done too. [2]

While we're at it, can we have TLS 1.2 for

The host that runs requires upgrade to RHEL 7 for this
to happen. Surely a good thing to work on after my focus has gone off
from the cgit->Gitlab migration. Mind reminding that to me once that
has happened?

Thanks for your reports Tobi!




Red Hatter,
Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
Former GNOME Foundation Board of Directors Secretary,
GNOME Foundation Membership & Elections Committee Chairman


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]